GNOME Bugzilla – Bug 346547
[enh] Support dynamic passwords
Last modified: 2008-11-14 16:58:54 UTC
I'm logging to a VPN using a securID. SecurID is a card where theres a code which changes every minutes. To use it, when I'm logging in, I need to type my pin code (4 digits) followed by the current code. I would like to have an option to save only the group password, username, and eventually my pin code to the keyring, and been asked for the current securID code only, instead of being asked for all these information or save them all.
My employer uses this type of VPN setup. On our Windows and Mac clients, the group password is saved along with the group name in the VPN configuration settings. I would recommend adding an option to save a group password in the optional information section of NetworkManager's VPN configuration dialog. Then if a group password has been saved, NetworkManager would not prompt for a group password at each connection attempt. Also, occasionally my employer will prompt for the "Next SecurID Passcode" during a connection attempt. NetworkManager does not display these prompts and will just fail to connect to the network. When this happens I need to use a Windows or Mac Client to see the prompt and log on to the VPN network.
bump
This isn't just a VPN issue... it also applies to wireless. I regularly connect to a network that uses EAP-TTLS with PAP for phase 2 auth, where the PAP password is s SecurID token code. Being able to at least flag the user password as dynamic, and prompting for the password on each connection, would be a huge win for me.
I use a SecureID on a regular basis, so I do not have a need to save the password. I would, however like to save just the group password as work uses a relatively long and annoying group password (good thing, I know...I know), but it is really frustrating having to type that in along with two-factor authentication. In my mad attempts to correct this, I tried deleting just the password entry in gnome-keyring leaving the group password alone in the keyring. That caused the applet to crash and wouldn't fix without completely wiping out both keys. Next, I tried adding IPSec secret and password as data in gconf for my vpn connection. Again, crashes. I would be EXTREMELY pleased to see a feature added that would save just the group password as a choice.
Discussion is wandering away from the original request, which was to save only the fixed part of the user password while still prompting for the varying (SecurID-generated) part. Bug 363918 discusses saving group passwords only. This works fine for me, in fact, so I'm not sure why bug 363918 is still open. I'm using "NetworkManager-0.7.0-0.9.3.svn3623.fc9" installed as part of Fedora 9. {shrug}
confirming, we'll support this in the future
*** Bug 527061 has been marked as a duplicate of this bug. ***
*** Bug 559284 has been marked as a duplicate of this bug. ***
*** Bug 558331 has been marked as a duplicate of this bug. ***
*** Bug 436382 has been marked as a duplicate of this bug. ***
Fixed in svn r4283
*** Bug 504807 has been marked as a duplicate of this bug. ***