NetworManager and openconnect: using cookies
Dan Williams
dcbw at redhat.com
Fri Oct 8 23:49:34 EDT 2010
On Fri, 2010-10-08 at 11:03 -0300, muriloo at br.ibm.com wrote:
> David Woodhouse <dwmw2 at infradead.org> wrote on 10/01/2010 11:42:31 PM:
>
> > David Woodhouse <dwmw2 at infradead.org>
> > 10/01/2010 11:42 PM
> >
> > To
> >
> > "muriloo at br.ibm.com" <muriloo at br.ibm.com>
> >
> > cc
> >
> > "networkmanager-list at gnome.org" <networkmanager-list at gnome.org>,
> > "ebarkie at us.ibm.com" <ebarkie at us.ibm.com>, openconnect-
> > devel at lists.infradead.org
> >
> > Subject
> >
> > Re: NetworManager and openconnect: using cookies
> >
> > Tbanks; this looks good.
> >
> > But we should really be using gnome-keyring for storing the cookie,
> not
> > gconf. That way it's much less likely that it'll 'leak'. I think we
> can
> > get away with enabling this behaviour by default then.
> >
> > We should probably make some attempt to remember the lifetime of the
> > cookie too, so we don't try to use it when we *know* it's already
> timed
> > out.
> >
> > > I'm stuck on this step: if it fails on cookie, jump to ask
> > > username/password inputs from user. It always tries to use cookie.
> >
> > Yeah, I suspect it's best to try to validate the cookie directly,
> rather
> > than passing it to openconnect and praying. We can implement a
> > 'test-cookie' option in (lib)openconnect, which can either try a
> CONNECT
> > request, or hopefully there's a way to use the cookie with an HTTP
> GET
> > request that'll tell us if it's working too.
> >
> > Not sure about sending SIGKILL immediately -- that may upset the
> people
> > who had the issues which made me implement the BYE packet in the
> first
> > place. Perhaps we need an option to avoid the BYE on disconnect
> (which
> > would be nice in other situations too).
> >
> > --
> > dwmw2
> >
>
> Hi guys,
>
> Thanks for your reply David.
>
> I think we could implement keyring support for password first and
> after
> implement a function to test if cookie is still valid and save cookie
> in
> gnome-keyring either.
>
> For now, I've drafted a patch to add gnome-keyring support for user's
> password. Please refer to the attachment
> openconnect-add-gnome-keyring-support.patch
>
> Feel free to make any comments about it. I'd be glad to improve it.
Whenever you feel its good enough David, feel free to push to git if you
have access. If not let me know.
Dan
More information about the openconnect-devel
mailing list