NetworManager and openconnect: using cookies

muriloo at br.ibm.com muriloo at br.ibm.com
Fri Oct 8 10:03:56 EDT 2010 

David Woodhouse <dwmw2 at infradead.org> wrote on 10/01/2010 11:42:31 PM:

> David Woodhouse <dwmw2 at infradead.org> 
> 10/01/2010 11:42 PM
> 
> To
> 
> "muriloo at br.ibm.com" <muriloo at br.ibm.com>
> 
> cc
> 
> "networkmanager-list at gnome.org" <networkmanager-list at gnome.org>, 
> "ebarkie at us.ibm.com" <ebarkie at us.ibm.com>, openconnect-
> devel at lists.infradead.org
> 
> Subject
> 
> Re: NetworManager and openconnect: using cookies
> 
> Tbanks; this looks good.
> 
> But we should really be using gnome-keyring for storing the cookie, not
> gconf. That way it's much less likely that it'll 'leak'. I think we can
> get away with enabling this behaviour by default then.
> 
> We should probably make some attempt to remember the lifetime of the
> cookie too, so we don't try to use it when we *know* it's already timed
> out.
> 
> > I'm stuck on this step: if it fails on cookie, jump to ask
> > username/password inputs from user. It always tries to use cookie.
> 
> Yeah, I suspect it's best to try to validate the cookie directly, rather
> than passing it to openconnect and praying. We can implement a
> 'test-cookie' option in (lib)openconnect, which can either try a CONNECT
> request, or hopefully there's a way to use the cookie with an HTTP GET
> request that'll tell us if it's working too.
> 
> Not sure about sending SIGKILL immediately -- that may upset the people
> who had the issues which made me implement the BYE packet in the first
> place. Perhaps we need an option to avoid the BYE on disconnect (which
> would be nice in other situations too).
> 
> -- 
> dwmw2
> 

Hi guys,

Thanks for your reply David.

I think we could implement keyring support for password first and after
implement a function to test if cookie is still valid and save cookie in
gnome-keyring either.

For now, I've drafted a patch to add gnome-keyring support for user's
password. Please refer to the attachment 
openconnect-add-gnome-keyring-support.patch

Feel free to make any comments about it. I'd be glad to improve it.

Murilo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20101008/34cfd1f8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openconnect-add-gnome-keyring-support.patch
Type: application/octet-stream
Size: 4333 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20101008/34cfd1f8/attachment.obj>

More information about the openconnect-devel mailing list