2009/2/2 Christoph Höger <choeger@xxxxxxxxxxxxxxx>:
> Hi,
>
> I want to add gnome-keyring features to the gnome branch of offlineimap.
> Setting and retrieving Passwords works, but I could need some advice:
>
> 1. What parameters should I put into the keyring functions? I see server
> and protocoll elements in the attrs dict. Does that mean gnomekeyring
> stores values on a per host/service base? If yes, is it valid to put
> arbitrary strings ("offlineimap<ACCOUNT>") here?
Think of gnome-keyring more like a "schemaless persistent encrypted
Map<AttributeSet,Password>" rather than "account system". So yes, you
can put whatever attributes you want in there, and that's a reasonable
thing to do.
> 2. From a security point of view: How does gnomekeyring decide to give
> an app access if the users select "always allow" on later calls?
The application access control system is inherently broken (from a UI
perspective and from a technical perspective) and should not be used.
http://bugzilla.gnome.org/show_bug.cgi?id=533493
It should be disabled in Fedora as far as I know unless the changes
were inadvertently reverted.
> 3. Would calling the app via cron cause any communication problems?
Yes; cron will not have access by default to the logged in session
infrastructure (in particular the X server and session bus). This is
one of the things that would be nice to fix in a more desktop
integrated scheduled execution service. But sinc e cron is all we
have right now, if you need gnome-keyring from cron, you need to look
up the DBUS_SESSION_BUS_ADDRESS Unix environment variable. If none
exists, then create your own session using dbus-launch, and
gnome-keyring should be invoked through service activation when you
try to talk to it.
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
