GNOME Bugzilla – Bug 471567
using wrong "schema" in gnome-keyring
Last modified: 2008-11-24 21:55:29 UTC
Using the NETWORK_PASSWORD type is wrong, I think, for reasons discussed here: http://mail.gnome.org/archives/desktop-devel-list/2007-August/msg00241.html

Also there's a similar issue with Gossip: http://bugzilla.gnome.org/show_bug.cgi?id=343513

As mentioned in the Gossip bug, what you should put in gnome-keyring, AIUI, is only the tuple you need to uniquely identify each password, like:

(vpn_name="Red Hat",user="hp",password_type="group")

I think that's it. "protocol" and "object" fields are not appropriate or useful.

vpn_name is the name of the account record stored by network manager; it might be more correct to use the name of the vpn server there instead:

(vpn="vpnserver.example.com",user="hp",password_type="group")

Then in theory, if someone deleted and recreated their VPN config, the passwords would still be recorded in the keyring, since they are stored under the server to log in to, not the name given to the config. This is also more theoretically correct since it would allow a non-NM program to share the keyring entry; though I can't imagine that happening for NM, it is a relevant consideration for an IM application, for example (cf. Gossip bug).
The schema support in gnome-keyring is documented here: http://live.gnome.org/GnomeKeyring/StoringPasswords

And here: http://library.gnome.org/devel/gnome-keyring/2.21/gnome-keyring-gnome-keyring-password.html
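
Added illustration, not part of the bug report and not NetworkManager or gnome-keyring code: a small Python model of attribute-matched lookup, showing why the identifying tuple proposed above matters. `ToyKeyring`, the replace-on-identical-attributes behaviour, the `"user"` password type and the sample configs are assumptions made for this example.

```python
# Toy model of attribute-matched secret lookup. Constructed for illustration;
# it is NOT the gnome-keyring API and stores nothing securely.
class ToyKeyring:
    def __init__(self):
        self._items = []  # list of (attributes dict, secret)

    def store(self, secret, **attrs):
        # Model assumption: an identical attribute set replaces the old item.
        self._items = [(a, s) for a, s in self._items if a != attrs]
        self._items.append((attrs, secret))

    def find(self, **query):
        # An item matches when every queried attribute has the same value.
        return [s for a, s in self._items
                if all(a.get(k) == v for k, v in query.items())]

def by_config_name(cfg, kind):
    return {"vpn_name": cfg["name"], "user": cfg["user"], "password_type": kind}

def by_server(cfg, kind):
    return {"vpn": cfg["server"], "user": cfg["user"], "password_type": kind}

# Constructed configs: same server and user, config recreated under a new name.
OLD = {"name": "Red Hat", "server": "vpnserver.example.com", "user": "hp"}
NEW = {"name": "Red Hat (new)", "server": "vpnserver.example.com", "user": "hp"}

def lookup_after_recreate(key_fn):
    # Store under the old config, then look up with the recreated one.
    ring = ToyKeyring()
    ring.store("group-secret", **key_fn(OLD, "group"))
    return ring.find(**key_fn(NEW, "group"))

def secrets_kept(with_password_type):
    # Store two different secrets for the same server and user.
    ring = ToyKeyring()
    for kind, secret in (("group", "group-secret"), ("user", "user-secret")):
        attrs = by_server(OLD, kind)
        if not with_password_type:
            del attrs["password_type"]  # tuple no longer unique per password
        ring.store(secret, **attrs)
    return sorted(ring.find(vpn=OLD["server"], user=OLD["user"]))

if __name__ == "__main__":
    for fn in (by_config_name, by_server):
        print(fn.__name__, lookup_after_recreate(fn))
    print(secrets_kept(False), secrets_kept(True))
```

In this model, keying on the config name loses the stored secret once the config is recreated under another name, and dropping `password_type` from the tuple lets one password silently overwrite the other.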
I suspect that I'm seeing another manifestation of the same problem. During wireless config with nm-applet on a WPA2 enterprise network, I entered a password for my identity and no private key password. If I then use nm-editor to look at the keyring, the password I entered shows up as the private key password and nothing shows up for the identity's password.
Reece: that's a bug in nm-editor. The original bug has long been fixed, as neither NM nor the plugins use network passwords anymore.