Here is the use case of what is happening currently

1. A VPN (Cisco compatible, i.e vpnc) profile is created using the NetworkManager wizard.
2. User logs into the network by supplying both the group password (doesn't change for the profile), password (dynamic).
3. First time the user has entered the static group password, dynamic password, vpn successfully connects to the gateway.
4. User Disconnects from the VPN.
5. Connect to the same Profile again, this time NetworkManager will try to connect to the gateway using the *cached* group password and *cached* password. Given that the password is expired, vpnc will never be able to make a successful connection to the gateway, also for some secured gateways, they block the account if the user connects to the gateway using the wrong password thrice.
6. In order to be successfully able to login to the vpn gateway, user always have to logout of GNOME first and try connecting again.

What the network manager should do is as follows

1. In the 'Enter password' dialog, if the user selects 'remember group password' then we should always ask for the password of the user (as we already stored the group password in the keyring). Since we are trying to be oversmart by not asking the password, we are blocking the access of the user permanently (in some cases).


I am currently using the following versions on Fedora 8

[nareshv@Angel ~]$ rpm -qa NetworkManager\*
NetworkManager-0.7.0-0.6.7.svn3235.fc8
NetworkManager-gnome-0.7.0-0.6.7.svn3235.fc8
NetworkManager-glib-0.7.0-0.6.7.svn3235.fc8
NetworkManager-vpnc-0.7.0-0.6.3.svn3109.fc8