Re: auth-sources asking for password 2 or 3 times

[Ted Zlatanov <tzz@lifelogs.com>]

On Wed, 23 Feb 2011 11:14:01 +0900 Daiki Ueno <ueno@unixuser.org> wrote: 

DU> Ted Zlatanov <tzz@lifelogs.com> writes:
>> I put a change for this to use lexical-bind and obfuscated data stored
>> inside the lambda function.  I think it's as safe as we can get.  IMHO
>> EPA/EPG are not going to do the caching for us so you were right to move
>> it to the auth-source level.

DU> I have been always unhappy to see that you complain "EPA/EPG are not
DU> going to do the caching" again and again, although I see a pain in the
DU> neck is in auth-source/netrc rather than EPA/EPG.

Sorry if it seems like I'm complaining.  My point was just that EPA/EPG
shouldn't have to do caching to accomodate auth-source.el usage (which
is very different from the user-level interactions).  It works well and
I appreciate how much work you've done on it.

DU> Why auth-source/netrc tries to visit ~/.authinfo.gpg multiple times even
DU> for only one connection?  My guess is that, auth-source/netrc tries to
DU> open that file for each parameter (e.g. user, host, port, password),
DU> right?  If so, it looks to me superfluous, since user/host/port are
DU> generally not a secret information.

I don't think that's the case, at least not anymore (I changed quite a
bit today).  You can see in *Messages* (if you set `auth-source-debug'
to 'trivia) one of these messages:

"auth-source-netrc-parse: using CACHED file data for %s"

or one EPA/EPG decode message like this:

/home/tzz/autodist/f: 0% (0/1949)
/home/tzz/autodist/f: 100% (1949/1949)

per file per search.  If I'm wrong, please let me know so I can fix the
search.

DU> How about splitting ~/.authinfo.gpg into 2 files, one is for non-secret
DU> information and another is for secret information?  The non-secret file
DU> would be a plain text compatible with netrc, while the secret file would
DU> be encrypted and the decrypted content is a simple 1:1 mapping from ID
DU> (auth-source token?) to password.

That's exactly why `auth-sources' defaults to the list "~/.authinfo.gpg"
"~/.authinfo" "~/.netrc".  I'm not sure why I'd make the encrypted file
in a different format, though.  That would make it hard to move entries
between the two formats and would confuse users.  Can you explain if I
misunderstood?

Don't forget auth-source.el supports the Secrets API as well, which has
a completely different way to search and expand results.  I'll work on
the 'secrets backend to make it connect with Chrome password entries,
for instance.

Thanks
Ted