<tt><font size=2>David Woodhouse <dwmw2@infradead.org> wrote on
10/01/2010 11:42:31 PM:<br>
<br>
> David Woodhouse <dwmw2@infradead.org> </font></tt>
<br><tt><font size=2>> 10/01/2010 11:42 PM</font></tt>
<br><tt><font size=2>> <br>
> To</font></tt>
<br><tt><font size=2>> <br>
> "muriloo@br.ibm.com" <muriloo@br.ibm.com></font></tt>
<br><tt><font size=2>> <br>
> cc</font></tt>
<br><tt><font size=2>> <br>
> "networkmanager-list@gnome.org" <networkmanager-list@gnome.org>,
<br>
> "ebarkie@us.ibm.com" <ebarkie@us.ibm.com>, openconnect-<br>
> devel@lists.infradead.org</font></tt>
<br><tt><font size=2>> <br>
> Subject</font></tt>
<br><tt><font size=2>> <br>
> Re: NetworManager and openconnect: using cookies</font></tt>
<br><tt><font size=2>> <br>
> Tbanks; this looks good.<br>
> <br>
> But we should really be using gnome-keyring for storing the cookie,
not<br>
> gconf. That way it's much less likely that it'll 'leak'. I think we
can<br>
> get away with enabling this behaviour by default then.<br>
> <br>
> We should probably make some attempt to remember the lifetime of the<br>
> cookie too, so we don't try to use it when we *know* it's already
timed<br>
> out.<br>
> <br>
> > I'm stuck on this step: if it fails on cookie, jump to ask<br>
> > username/password inputs from user. It always tries to use cookie.<br>
> <br>
> Yeah, I suspect it's best to try to validate the cookie directly,
rather<br>
> than passing it to openconnect and praying. We can implement a<br>
> 'test-cookie' option in (lib)openconnect, which can either try a CONNECT<br>
> request, or hopefully there's a way to use the cookie with an HTTP
GET<br>
> request that'll tell us if it's working too.<br>
> <br>
> Not sure about sending SIGKILL immediately -- that may upset the people<br>
> who had the issues which made me implement the BYE packet in the first<br>
> place. Perhaps we need an option to avoid the BYE on disconnect (which<br>
> would be nice in other situations too).<br>
> <br>
> -- <br>
> dwmw2<br>
> <br>
</font></tt>
<br><tt><font size=2>Hi guys,</font></tt>
<br>
<br><tt><font size=2>Thanks for your reply David.</font></tt>
<br>
<br><tt><font size=2>I think we could implement keyring support for password
first and after</font></tt>
<br><tt><font size=2>implement a function to test if cookie is still valid
and save cookie in</font></tt>
<br><tt><font size=2>gnome-keyring either.</font></tt>
<br>
<br><tt><font size=2>For now, I've drafted a patch to add gnome-keyring
support for user's</font></tt>
<br><tt><font size=2>password. Please refer to the attachment openconnect-add-gnome-keyring-support.patch</font></tt>
<br>
<br><tt><font size=2>Feel free to make any comments about it. I'd be glad
to improve it.</font></tt>
<br>
<br><tt><font size=2>Murilo</font></tt>
<br>