GNOME Bugzilla – Bug 343513
Store password in gnome-keyring
Last modified: 2007-10-06 12:22:35 UTC
Here is a patch that stores account passwords in the Gnome Keyring Manager.
Created attachment 66540 [details] [review] First attempt
Thanks! This looks like a good start, I've tried this out and I think it needs some more work before we can apply it. First of all, I think we should have this as a build-time option and still keep the password-in-xml-file as fallback (but make this file not readable by all). There are still not many apps using the keyring and there is no keyring manager in distros by default yet, so there's no way to manage your passwords you are storing in there (as far as I know). I noticed some warnings on the console about not managing to get the password from the ring. You can see this if you mess around in the account dialog a bit. Probably when there is no password setup yet for an account.
> I noticed some warnings on the console about not managing to get the password > from the ring. You can see this if you mess around in the account dialog a bit. > Probably when there is no password setup yet for an account. Unfortunatly there is no way to tell the difference between 'no password in keyring' and 'access denied'. Therefore I thought I'd just log a warning when this happened.
Created attachment 66700 [details] [review] Second attempt Fall back to the old password handling mechanism if gnome-keyring is not availble. Improve memory management of the password obtained from the keyring.
Thanks for the updated patch. I will try to take another look at this soon.
I've been thinking a bit more about this. The ifdefs that are required in gossip-account make the code a bit convoluted. I wonder if we shouldn't make gossip-account able to ask the overlying layer for a password instead. This would be used both for when there is no saved password, or when the keyring is used. The layer on top, the gossip app in this case would provide the password, in some cases by asking the user and in some by looking in a keyring. If someone wants to try that, please let me know, otherwise I might do it at some point.
Just to say: Evolution-2.7.x now uses gnome-keyring, so gnome-keyring will become more used by GNOME users.
Also, seahorse (which is rocking) might get included in 2.18 and lets you manage your keyring. I'd really push to get rid of the old xml storage ;-)
I think using the "network password" type in the gnome-keyring API for this is wrong - basically the "network password" type is a schema appropriate for network file shares in nautilus. What I think you should do instead is have your own schema that's appropriate for this purpose, i.e. define the appropriate tuple to look up the password with, perhaps: (username=foo@domain, server=xmpp-server-name) The tuple should uniquely identify any xmpp login that could have a different password, and should not contain anything that's irrelevant to locating the password. Some more detail on how I'm understanding gnome-keyring right now: http://mail.gnome.org/archives/desktop-devel-list/2007-August/msg00241.html
I filed a similar bug vs. NetworkManager: http://bugzilla.gnome.org/show_bug.cgi?id=471567
Thanks Havoc, I will look into this when I get time.
Sam, thanks for your patch! I fixed up the breakages in the patch since we have left this one a little too long to bit rot in Bugzilla. Havoc, I did read your thread and look at the API. For now what Sam and I have added to Gossip is a start. I have created bug #484095 about using the right schema.