Ed Greshko writes:
On 2020-07-23 10:49, Sam Varshavchik wrote:> This means the password is stored in the user's key ring on a per- user basis.> > I haven't tried changing this via nmcli. But, will investigate. FWIW.... nmcli connection modify US-East-NJ vpn.secrets "password=something" Works just fine for a logged-in user.
Well, I ssh-ed in as root, using an ssh cert. I guess that doesn't count.This is in a server context. The server wants a VPN tunnel of its own, rather than any particular user.
It's not clear to me if it's NetworkManager itself that defaults to a user- set password. Maybe there's something in the openvpn configuration file that chooses whether to set up a user-centric or server-centric VPN, and this VPN provider is supplying user-centric configuration files.
And I was able to reproduce the broken SELinux context, starting from scratch. "nmcli import" creates /root/.cert, if it does not exist, with a broken SELinux context. Bug 1859974.
Attachment:
pgpej69fKYLd4.pgp
Description: PGP signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
