Re: can emacs use the mac os x keychain?

[Ted Zlatanov]

On Thu, 29 Jul 2010 07:31:43 +0300 Adrian Robert <address@hidden> wrote: 

TZ> 1) define a helper protocol to pass auth request parameters in the
TZ> environment somehow
>> 
TZ> 2) read the password back securely
>> 
TZ> 3) write an implementation that works with the Mac OS X keychain
>> 
>> Adrian, is there any chance that the NS Emacs port can provide those
>> keychain functions through an ELisp layer?  It would make it easier and
>> more secure to get user passwords, plus users wouldn't need to install
>> the helper program.

AR> A useful-sounding idea but seems mainly like something that would be
AR> a third-party package or maybe part of Aquamacs.  Are there any
AR> platform-independent parts of the needed functionality that the NS
AR> port lacks and Emacs on X11 or W32 has?

A third-party package wouldn't get the C-level bindings that are
necessary to make it reasonably secure.  The platform-independent part
is auth-source.el, which I have tried to hook into Emacs wherever
authentication is needed.  See auth.texi for more details.

On Thu, 29 Jul 2010 15:01:50 +0200 Stefan Monnier <address@hidden> wrote: 

SM> I think access to the system's standard keychain facility would be
SM> good to have in general, on all systems.

Thanks for Michael Albinus' work on auth-source.el, it now supports the
Secrets API which is supposed to become the standard where D-Bus is
available (so Emacs can interact with this API without helper apps if it
has D-Bus support configured).  auth.texi hasn't been updated with the
Secrets API info because it's still experimental.  

Assuming we get the NS port access to the Mac OS X keychain, that leaves
W32 as the only major platform lacking keychain support.  I don't
believe W32 has a standard keychain so that may be OK.

Ted