[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Passwords, stored in Gnome Keyring and KWallet

From: Ted Zlatanov
Subject: Re: Passwords, stored in Gnome Keyring and KWallet
Date: Wed, 12 May 2010 07:30:12 -0500
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/24.0.50 (gnu/linux)

On Wed, 12 May 2010 14:07:54 +0200 Michael Albinus <address@hidden> wrote: 

MA> Ted Zlatanov <address@hidden> writes:
>> Michael, I left a TODO in the manual for explaining secrets.el.

MA> I'm sitting with this, it is not so easy.

btw, sorry I haven't updated auth-source.el, I've been swamped with work
(until next week).  I know there's at least one issue with the Secrets
API support there.

MA> Consequently, auth-source.el shall offer such an interface. Something
MA> like

MA> (defun auth-source-create (host password &optional user protocol)
MA>   "Create a new entry in the password database for accessing HOST.
MA> PASSWORD is the credential needed for authentication.  If USER is
MA> nil, PASSWORD will be applied for all users.  PROTOCOL can
MA> restrict the authentication for access methods, like \"imap\"
MA> or \"ssh\".
MA> The password databases as defined in `auth-sources' will be
MA> checked in order to find the best fit according to the arguments.
MA> Note, that only password databases of the Secret Service API will be
MA> taken into account, authinfo like flat files will not be used for
MA> creation of new entries.")

I agree 100% that this is useful.  Why not allow authinfo editing too?
I think auth-source-create should just be a wrapper for

;;; 'create-if-missing should be supplemented by a global
;;; auth-source-create-if-missing which could be 'never, 'always, or nil
(auth-source-user-or-password "password" server port user 'create-if-missing)

and it would (theoretically) work for any editable backend.  At least
for the two backends we've discussed (Secrets API and flat netrc files)
this would work.  That would give us a stateless way to ensure that a
password exists, prompting the user if necessary without interrupting
the code flow, and allowing the user to specify their preference as well
if they want to always or never create entries.

MA> A typical client library would have code like this:

MA> (let ((password (auth-source-user-or-password "password" server port user)))
MA>   (unless password
MA>     (setq password (read-passwd "Password: "))
MA>     (auth-source-create server password user port))
MA>   password)

All of this could live inside auth-source-user-or-password and get
triggered by 'create-if-missing.  Thus the auth-source API would remain
the same as now except for a new optional flag.  No new user-visible
functions need be introduced and clients only need to specify that flag
if they have a preference.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]