From: Ted Zlatanov <tzz@lifelogs.com>
To: ding@gnus.org
Subject: Re: auth-sources asking for password 2 or 3 times
Date: Tue, 22 Feb 2011 20:36:11 -0600 [thread overview]
Message-ID: <87mxln1nqc.fsf@lifelogs.com> (raw)
In-Reply-To: <m3zkpnebva.fsf-ueno@unixuser.org>
On Wed, 23 Feb 2011 11:14:01 +0900 Daiki Ueno <ueno@unixuser.org> wrote:
DU> Ted Zlatanov <tzz@lifelogs.com> writes:
>> I put a change for this to use lexical-bind and obfuscated data stored
>> inside the lambda function. I think it's as safe as we can get. IMHO
>> EPA/EPG are not going to do the caching for us so you were right to move
>> it to the auth-source level.
DU> I have been always unhappy to see that you complain "EPA/EPG are not
DU> going to do the caching" again and again, although I see a pain in the
DU> neck is in auth-source/netrc rather than EPA/EPG.
Sorry if it seems like I'm complaining. My point was just that EPA/EPG
shouldn't have to do caching to accomodate auth-source.el usage (which
is very different from the user-level interactions). It works well and
I appreciate how much work you've done on it.
DU> Why auth-source/netrc tries to visit ~/.authinfo.gpg multiple times even
DU> for only one connection? My guess is that, auth-source/netrc tries to
DU> open that file for each parameter (e.g. user, host, port, password),
DU> right? If so, it looks to me superfluous, since user/host/port are
DU> generally not a secret information.
I don't think that's the case, at least not anymore (I changed quite a
bit today). You can see in *Messages* (if you set `auth-source-debug'
to 'trivia) one of these messages:
"auth-source-netrc-parse: using CACHED file data for %s"
or one EPA/EPG decode message like this:
/home/tzz/autodist/f: 0% (0/1949)
/home/tzz/autodist/f: 100% (1949/1949)
per file per search. If I'm wrong, please let me know so I can fix the
search.
DU> How about splitting ~/.authinfo.gpg into 2 files, one is for non-secret
DU> information and another is for secret information? The non-secret file
DU> would be a plain text compatible with netrc, while the secret file would
DU> be encrypted and the decrypted content is a simple 1:1 mapping from ID
DU> (auth-source token?) to password.
That's exactly why `auth-sources' defaults to the list "~/.authinfo.gpg"
"~/.authinfo" "~/.netrc". I'm not sure why I'd make the encrypted file
in a different format, though. That would make it hard to move entries
between the two formats and would confuse users. Can you explain if I
misunderstood?
Don't forget auth-source.el supports the Secrets API as well, which has
a completely different way to search and expand results. I'll work on
the 'secrets backend to make it connect with Chrome password entries,
for instance.
Thanks
Ted
next prev parent reply other threads:[~2011-02-23 2:36 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-20 18:19 Sivaram Neelakantan
2011-02-21 1:27 ` Lars Ingebrigtsen
2011-02-21 1:35 ` Lars Ingebrigtsen
2011-02-22 22:03 ` Ted Zlatanov
2011-02-23 2:14 ` Daiki Ueno
2011-02-23 2:36 ` Ted Zlatanov [this message]
2011-02-23 7:20 ` Daiki Ueno
2011-02-23 8:40 ` Lars Ingebrigtsen
2011-02-23 12:25 ` Daiki Ueno
2011-02-23 14:58 ` Ted Zlatanov
2011-02-25 4:35 ` Lars Ingebrigtsen
2011-02-25 7:17 ` Daiki Ueno
2011-02-25 14:40 ` Michael Albinus
2011-02-26 0:49 ` Daiki Ueno
2011-02-26 8:59 ` Michael Albinus
2011-02-26 9:24 ` Daiki Ueno
2011-02-25 14:43 ` Ted Zlatanov
2011-02-23 14:54 ` Ted Zlatanov
2011-02-23 8:36 ` Lars Ingebrigtsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87mxln1nqc.fsf@lifelogs.com \
--to=tzz@lifelogs.com \
--cc=ding@gnus.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).