David Woodhouse <dwmw2 at infradead.org> wrote on 10/01/2010 11:42:31 PM: > David Woodhouse <dwmw2 at infradead.org> > 10/01/2010 11:42 PM > > To > > "muriloo at br.ibm.com" <muriloo at br.ibm.com> > > cc > > "networkmanager-list at gnome.org" <networkmanager-list at gnome.org>, > "ebarkie at us.ibm.com" <ebarkie at us.ibm.com>, openconnect- > devel at lists.infradead.org > > Subject > > Re: NetworManager and openconnect: using cookies > > Tbanks; this looks good. > > But we should really be using gnome-keyring for storing the cookie, not > gconf. That way it's much less likely that it'll 'leak'. I think we can > get away with enabling this behaviour by default then. > > We should probably make some attempt to remember the lifetime of the > cookie too, so we don't try to use it when we *know* it's already timed > out. > > > I'm stuck on this step: if it fails on cookie, jump to ask > > username/password inputs from user. It always tries to use cookie. > > Yeah, I suspect it's best to try to validate the cookie directly, rather > than passing it to openconnect and praying. We can implement a > 'test-cookie' option in (lib)openconnect, which can either try a CONNECT > request, or hopefully there's a way to use the cookie with an HTTP GET > request that'll tell us if it's working too. > > Not sure about sending SIGKILL immediately -- that may upset the people > who had the issues which made me implement the BYE packet in the first > place. Perhaps we need an option to avoid the BYE on disconnect (which > would be nice in other situations too). > > -- > dwmw2 > Hi guys, Thanks for your reply David. I think we could implement keyring support for password first and after implement a function to test if cookie is still valid and save cookie in gnome-keyring either. For now, I've drafted a patch to add gnome-keyring support for user's password. Please refer to the attachment openconnect-add-gnome-keyring-support.patch Feel free to make any comments about it. I'd be glad to improve it. Murilo -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20101008/34cfd1f8/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: openconnect-add-gnome-keyring-support.patch Type: application/octet-stream Size: 4333 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20101008/34cfd1f8/attachment.obj>
