NetworkManager and openconnect: using cookies

David Woodhouse dwmw2 at infradead.org
Fri Oct 1 22:42:31 EDT 2010


Thanks; this looks good.

But we should really be using gnome-keyring for storing the cookie, not
gconf. That way it's much less likely that it'll 'leak'. I think we can
get away with enabling this behaviour by default then.

We should probably make some attempt to remember the lifetime of the
cookie too, so we don't try to use it when we *know* it's already timed
out.

> I'm stuck on this step: if it fails on cookie, jump to ask
> username/password inputs from user. It always tries to use cookie.

Yeah, I suspect it's best to try to validate the cookie directly, rather
than passing it to openconnect and praying. We can implement a
'test-cookie' option in (lib)openconnect, which can either try a CONNECT
request, or hopefully there's a way to use the cookie with an HTTP GET
request that'll tell us if it's working too.

Not sure about sending SIGKILL immediately -- that may upset the people
who had the issues which made me implement the BYE packet in the first
place. Perhaps we need an option to avoid the BYE on disconnect (which
would be nice in other situations too).

-- 
dwmw2
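
The decision flow discussed in this message (skip a cookie known to have timed out, validate it before connecting, otherwise fall back to the username/password prompt), as an added example that is not part of the original post and is not openconnect or NetworkManager code. `struct stored_cookie`, `choose_auth_path`, the probe callback standing in for the proposed 'test-cookie' check, and the 30-second margin are all hypothetical.

```c
#include <stdio.h>
#include <time.h>

/* Hypothetical record stored in the keyring alongside the cookie. */
struct stored_cookie {
    const char *value;  /* NULL or "" when nothing is stored */
    time_t expires_at;  /* 0 when the lifetime was never recorded */
};
enum auth_path { AUTH_USE_COOKIE, AUTH_PROMPT_USER };

/* Stand-in for the proposed 'test-cookie' check: 1 = still accepted. */
typedef int (*cookie_probe_fn)(const char *cookie, void *ctx);
#define EXPIRY_MARGIN 30 /* seconds of safety margin; assumed value */

enum auth_path choose_auth_path(const struct stored_cookie *c, time_t now,
                                cookie_probe_fn probe, void *ctx)
{
    if (!c || !c->value || !c->value[0])
        return AUTH_PROMPT_USER;
    /* Known to have timed out: never send it to the gateway. */
    if (c->expires_at != 0 && now + EXPIRY_MARGIN >= c->expires_at)
        return AUTH_PROMPT_USER;
    /* Not known to be expired, but may be revoked: validate first. */
    if (!probe || !probe(c->value, ctx))
        return AUTH_PROMPT_USER;
    return AUTH_USE_COOKIE;
}

int probe_calls; /* how many times the constructed probe was invoked */
static int fake_probe(const char *cookie, void *ctx)
{
    (void)cookie;
    probe_calls++;
    return *(int *)ctx; /* constructed gateway answer */
}
/* Constructed scenario: cookie "c0ffee" with the given expiry. */
enum auth_path demo(time_t expires_at, time_t now, int gateway_accepts)
{
    struct stored_cookie c = { "c0ffee", expires_at };
    probe_calls = 0;
    return choose_auth_path(&c, now, fake_probe, &gateway_accepts);
}

int main(void)
{
    printf("fresh+accepted=%d expired=%d rejected=%d\n",
           demo(2000, 1000, 1), demo(900, 1000, 1), demo(2000, 1000, 0));
    return 0;
}
```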



