Gnus development mailing list
 help / color / mirror / Atom feed
* New imap Implementation and Keepalive
@ 2010-09-23  2:42 Charles Philip Chan
  2010-09-23 16:09 ` Lars Magne Ingebrigtsen
  2010-09-24  1:01 ` Uday S Reddy
  0 siblings, 2 replies; 31+ messages in thread
From: Charles Philip Chan @ 2010-09-23  2:42 UTC (permalink / raw)
  To: ding

[-- Attachment #1: Type: text/plain, Size: 685 bytes --]


Firstly I want to thank everyone involved for the speedup in the new
imap implementation. However, I am encountering one annoying problem- it
seems like the new implementation does not keep the connection alive
like the old one does. In the old implementation I just need to enter my
imap password once interactively per Gnus session (I wasn't using
auth-sources at that time). With the new implementation my imaps server
(dovecot) drops connection due to inactivity and I need to enter my long
gpg passphrase again if my pass phrase cache have expired.

Thanks.

Charles

-- 
Why use Windows, since there is a door?
(By fachat@galileo.rhein-neckar.de, Andre Fachat)

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-23  2:42 New imap Implementation and Keepalive Charles Philip Chan
@ 2010-09-23 16:09 ` Lars Magne Ingebrigtsen
  2010-09-23 19:29   ` Frank Schmitt
  2010-09-24  1:01 ` Uday S Reddy
  1 sibling, 1 reply; 31+ messages in thread
From: Lars Magne Ingebrigtsen @ 2010-09-23 16:09 UTC (permalink / raw)
  To: ding

Charles Philip Chan <cpchan@sympatico.ca> writes:

> However, I am encountering one annoying problem- it seems like the new
> implementation does not keep the connection alive like the old one
> does.

What's the recommended keepalive method?

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen




^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-23 16:09 ` Lars Magne Ingebrigtsen
@ 2010-09-23 19:29   ` Frank Schmitt
  2010-09-23 19:45     ` Lars Magne Ingebrigtsen
  0 siblings, 1 reply; 31+ messages in thread
From: Frank Schmitt @ 2010-09-23 19:29 UTC (permalink / raw)
  To: ding

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Charles Philip Chan <cpchan@sympatico.ca> writes:
>
>> However, I am encountering one annoying problem- it seems like the new
>> implementation does not keep the connection alive like the old one
>> does.
>
> What's the recommended keepalive method?

I think you send the NOOP command.

-- 
Have you ever considered how much text can fit in eighty columns?  Given that a
signature typically contains up to four lines of text, this space allows you to
attach a tremendous amount of valuable information to your messages.  Seize the
opportunity and don't waste your signature on bullshit that nobody cares about.




^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-23 19:29   ` Frank Schmitt
@ 2010-09-23 19:45     ` Lars Magne Ingebrigtsen
  2010-09-23 20:23       ` Frank Schmitt
  0 siblings, 1 reply; 31+ messages in thread
From: Lars Magne Ingebrigtsen @ 2010-09-23 19:45 UTC (permalink / raw)
  To: ding

Frank Schmitt <ich@frank-schmitt.net> writes:

> I think you send the NOOP command.

Right.  How often is it natural to do so?

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen




^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-23 19:45     ` Lars Magne Ingebrigtsen
@ 2010-09-23 20:23       ` Frank Schmitt
  2010-09-23 20:28         ` Lars Magne Ingebrigtsen
  0 siblings, 1 reply; 31+ messages in thread
From: Frank Schmitt @ 2010-09-23 20:23 UTC (permalink / raw)
  To: ding

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Frank Schmitt <ich@frank-schmitt.net> writes:
>
>> I think you send the NOOP command.
>
> Right.  How often is it natural to do so?

Mutt sends it every 15 minutes and their FAQ says servers are required
to keep the connection alive for 30. See
http://wiki.mutt.org/?MuttFaq/RemoteFolder

-- 
Have you ever considered how much text can fit in eighty columns?  Given that a
signature typically contains up to four lines of text, this space allows you to
attach a tremendous amount of valuable information to your messages.  Seize the
opportunity and don't waste your signature on bullshit that nobody cares about.




^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-23 20:23       ` Frank Schmitt
@ 2010-09-23 20:28         ` Lars Magne Ingebrigtsen
  0 siblings, 0 replies; 31+ messages in thread
From: Lars Magne Ingebrigtsen @ 2010-09-23 20:28 UTC (permalink / raw)
  To: ding

Frank Schmitt <ich@frank-schmitt.net> writes:

> Mutt sends it every 15 minutes and their FAQ says servers are required
> to keep the connection alive for 30. See
> http://wiki.mutt.org/?MuttFaq/RemoteFolder

Right.  Hm...  I wonder what's the simplest way to implement it....
Just a run-at-time timer, I think...  and I'll have to keep track of
when the last command was so that I don't issue a NOOP while something
else is doing...  stuff.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen




^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-23  2:42 New imap Implementation and Keepalive Charles Philip Chan
  2010-09-23 16:09 ` Lars Magne Ingebrigtsen
@ 2010-09-24  1:01 ` Uday S Reddy
  2010-09-24 12:34   ` Frank Schmitt
  2010-09-24 13:00   ` Charles Philip Chan
  1 sibling, 2 replies; 31+ messages in thread
From: Uday S Reddy @ 2010-09-24  1:01 UTC (permalink / raw)
  To: ding

On 9/23/2010 3:42 AM, Charles Philip Chan wrote:
>
> Firstly I want to thank everyone involved for the speedup in the new
> imap implementation. However, I am encountering one annoying problem- it
> seems like the new implementation does not keep the connection alive
> like the old one does. In the old implementation I just need to enter my
> imap password once interactively per Gnus session (I wasn't using
> auth-sources at that time). With the new implementation my imaps server
> (dovecot) drops connection due to inactivity and I need to enter my long
> gpg passphrase again if my pass phrase cache have expired.

I think it is a bit unkind to keep IMAP sessions alive just for the sake of it. 
  The mail server administrators set their time-out policies to make the best 
possible use of resources.  If everybody forcibly keeps their sessions alive, 
the mail servers are likely to run out of connections and refuse new connections.

If the problem is really that the password cache is expiring, it is far better 
to block that instead of trying to tax the mail server.

My two cents.

Cheers,
Uday




^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-24  1:01 ` Uday S Reddy
@ 2010-09-24 12:34   ` Frank Schmitt
  2010-09-24 16:34     ` Lars Magne Ingebrigtsen
  2010-09-25 12:52     ` Uday S Reddy
  2010-09-24 13:00   ` Charles Philip Chan
  1 sibling, 2 replies; 31+ messages in thread
From: Frank Schmitt @ 2010-09-24 12:34 UTC (permalink / raw)
  To: ding

Uday S Reddy <u.s.reddy@cs.bham.ac.uk> writes:

> On 9/23/2010 3:42 AM, Charles Philip Chan wrote:
>>
>> Firstly I want to thank everyone involved for the speedup in the new
>> imap implementation. However, I am encountering one annoying problem- it
>> seems like the new implementation does not keep the connection alive
>> like the old one does. In the old implementation I just need to enter my
>> imap password once interactively per Gnus session (I wasn't using
>> auth-sources at that time). With the new implementation my imaps server
>> (dovecot) drops connection due to inactivity and I need to enter my long
>> gpg passphrase again if my pass phrase cache have expired.
>
> I think it is a bit unkind to keep IMAP sessions alive just for the
> sake of it. The mail server administrators set their time-out policies
> to make the best possible use of resources.  If everybody forcibly
> keeps their sessions alive, the mail servers are likely to run out of
> connections and refuse new connections.
>
> If the problem is really that the password cache is expiring, it is
> far better to block that instead of trying to tax the mail server.

No. For IMAP it is perfectly normal that the client keeps the connection
open as long as he is active. It's even in the RFC. Otherwise e.g. IMAP
idle wouldn't be possible. The NOOP command is there for exactly this purpose.

-- 
Have you ever considered how much text can fit in eighty columns?  Given that a
signature typically contains up to four lines of text, this space allows you to
attach a tremendous amount of valuable information to your messages.  Seize the
opportunity and don't waste your signature on bullshit that nobody cares about.




^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-24  1:01 ` Uday S Reddy
  2010-09-24 12:34   ` Frank Schmitt
@ 2010-09-24 13:00   ` Charles Philip Chan
  2010-09-25 12:59     ` Uday S Reddy
  1 sibling, 1 reply; 31+ messages in thread
From: Charles Philip Chan @ 2010-09-24 13:00 UTC (permalink / raw)
  To: ding

[-- Attachment #1: Type: text/plain, Size: 670 bytes --]

Uday S Reddy <u.s.reddy@cs.bham.ac.uk> writes:

> I think it is a bit unkind to keep IMAP sessions alive just for the
> sake of it. The mail server administrators set their time-out policies
> to make the best possible use of resources.

This should be implemented as an option like other email programs such
as mutt, Pine, Thunderbird, etc. My imap server is actually local on my
own machine.

> If the problem is really that the password cache is expiring, it is
> far better to block that instead of trying to tax the mail server.

Security?

Charles

-- 
"Never make any mistaeks."
(Anonymous, in a mail discussion about to a kernel bug report.)

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-24 12:34   ` Frank Schmitt
@ 2010-09-24 16:34     ` Lars Magne Ingebrigtsen
  2010-09-25  5:21       ` Charles Philip Chan
  2010-09-25 12:52     ` Uday S Reddy
  1 sibling, 1 reply; 31+ messages in thread
From: Lars Magne Ingebrigtsen @ 2010-09-24 16:34 UTC (permalink / raw)
  To: ding

Frank Schmitt <ich@frank-schmitt.net> writes:

> No. For IMAP it is perfectly normal that the client keeps the
> connection open as long as he is active. It's even in the
> RFC. Otherwise e.g. IMAP idle wouldn't be possible. The NOOP command
> is there for exactly this purpose.

I've now implemented this.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen




^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-24 16:34     ` Lars Magne Ingebrigtsen
@ 2010-09-25  5:21       ` Charles Philip Chan
  2010-09-25  6:14         ` Charles Philip Chan
  0 siblings, 1 reply; 31+ messages in thread
From: Charles Philip Chan @ 2010-09-25  5:21 UTC (permalink / raw)
  To: ding

[-- Attachment #1: Type: text/plain, Size: 561 bytes --]

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> I've now implemented this.

Thanks Lar. I can see that the connection is keepalive by this:

,----[ Output of "ps aux | grep imap" ]
| dovecot  13679  0.0  0.0  15244  2756 ?        Ss   Sep24   0:00 imap-login --ssl
| hoor     13682  0.0  0.1  21272  5564 ?        S    Sep24   0:02 imap
| hoor     16713  0.0  0.0   6532   808 pts/4    S+   00:38   0:00 grep imap
`----

However, there is still one annoying problem- pinentry-gtk-2 is still
popping up (I need to hit "cancel" every time).

Thanks.

Charles

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25  5:21       ` Charles Philip Chan
@ 2010-09-25  6:14         ` Charles Philip Chan
  2010-09-25 13:43           ` Lars Magne Ingebrigtsen
  0 siblings, 1 reply; 31+ messages in thread
From: Charles Philip Chan @ 2010-09-25  6:14 UTC (permalink / raw)
  To: ding

[-- Attachment #1: Type: text/plain, Size: 462 bytes --]

Charles Philip Chan <cpchan@sympatico.ca> writes:

> However, there is still one annoying problem- pinentry-gtk-2 is still
> popping up (I need to hit "cancel" every time).

I spoke too soon. If I hit "cancel", I have no problems using my dovecot
server. However, it cannot enter my local leafnode server (for nntp)
which requires no auth.

Thanks.

Charles

-- 
"It's God.  No, not Richard Stallman, or Linus Torvalds, but God."
(By Matt Welsh)

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-24 12:34   ` Frank Schmitt
  2010-09-24 16:34     ` Lars Magne Ingebrigtsen
@ 2010-09-25 12:52     ` Uday S Reddy
  1 sibling, 0 replies; 31+ messages in thread
From: Uday S Reddy @ 2010-09-25 12:52 UTC (permalink / raw)
  To: ding

On 9/24/2010 1:34 PM, Frank Schmitt wrote:

> No. For IMAP it is perfectly normal that the client keeps the connection
> open as long as he is active. It's even in the RFC.

Yes, I see that.  I think this part of the spec was most likely 
counter-productive.  There seems to have been an arms race with clients trying 
to keep the connections alive and the servers or server managers trying to 
close them before the clients get around to doing that.  In the end, several 
ISP's now close IMAP connections within minutes.  Even timeouts as short as 30 
seconds have been reported.

Perhaps this game has now been lost irretrievably.

Note that if the client keeps the session alive, then it should take 
responsibility to eventually close the connection.

Cheers,
Uday




^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-24 13:00   ` Charles Philip Chan
@ 2010-09-25 12:59     ` Uday S Reddy
  2010-09-25 13:08       ` Rupert Swarbrick
                         ` (2 more replies)
  0 siblings, 3 replies; 31+ messages in thread
From: Uday S Reddy @ 2010-09-25 12:59 UTC (permalink / raw)
  To: ding

On 9/24/2010 2:00 PM, Charles Philip Chan wrote:

>
>> If the problem is really that the password cache is expiring, it is
>> far better to block that instead of trying to tax the mail server.
>
> Security?

My memory is that auth-source.el caches passwords securely.

If your password cache is vulnerable, then your open IMAP session is equally 
vulnerable.  So, I don't see any any particular security advantage to expiring 
the password cache while keeping the sessions alive.

Cheers,
Uday




^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25 12:59     ` Uday S Reddy
@ 2010-09-25 13:08       ` Rupert Swarbrick
  2010-09-25 15:21       ` Ted Zlatanov
  2010-09-25 15:48       ` Austin F. Frank
  2 siblings, 0 replies; 31+ messages in thread
From: Rupert Swarbrick @ 2010-09-25 13:08 UTC (permalink / raw)
  To: ding

[-- Attachment #1: Type: text/plain, Size: 656 bytes --]

Uday S Reddy <u.s.reddy@cs.bham.ac.uk> writes:

> On 9/24/2010 2:00 PM, Charles Philip Chan wrote:
>
>>
>>> If the problem is really that the password cache is expiring, it is
>>> far better to block that instead of trying to tax the mail server.
>>
>> Security?
>
> My memory is that auth-source.el caches passwords securely.
>
> If your password cache is vulnerable, then your open IMAP session is
> equally vulnerable.  So, I don't see any any particular security
> advantage to expiring the password cache while keeping the sessions
> alive.
>
> Cheers,
> Uday

Could the reason be that many people use the same password for multiple
services?

Rupert

[-- Attachment #2: Type: application/pgp-signature, Size: 315 bytes --]

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25  6:14         ` Charles Philip Chan
@ 2010-09-25 13:43           ` Lars Magne Ingebrigtsen
  2010-09-25 14:07             ` Charles Philip Chan
  0 siblings, 1 reply; 31+ messages in thread
From: Lars Magne Ingebrigtsen @ 2010-09-25 13:43 UTC (permalink / raw)
  To: ding

Charles Philip Chan <cpchan@sympatico.ca> writes:

>> However, there is still one annoying problem- pinentry-gtk-2 is still
>> popping up (I need to hit "cancel" every time).
>
> I spoke too soon. If I hit "cancel", I have no problems using my dovecot
> server. However, it cannot enter my local leafnode server (for nntp)
> which requires no auth.

I'm not sure I understand.  After the latest nnimap change, you're
prompted for passwords for your nntp server, which requires no password? 

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen




^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25 13:43           ` Lars Magne Ingebrigtsen
@ 2010-09-25 14:07             ` Charles Philip Chan
  2010-09-25 14:16               ` Lars Magne Ingebrigtsen
  2010-09-25 17:35               ` CHENG Gao
  0 siblings, 2 replies; 31+ messages in thread
From: Charles Philip Chan @ 2010-09-25 14:07 UTC (permalink / raw)
  To: ding

[-- Attachment #1: Type: text/plain, Size: 687 bytes --]

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> I'm not sure I understand.  After the latest nnimap change, you're
> prompted for passwords for your nntp server, which requires no
> password?

No, what I mean is after the latest change the server is kept alive, but
pinentry-gtk-2 is still popping up. If I click "cancel" on the dialog, I
can enter my imap groups with no problem, but gnus cannot connect to my
leafnode server. However, if I enter in my passphrase, everything is
fine.

Thanks.
Charles 

-- 
"I'd crawl over an acre of 'Visual This++' and 'Integrated Development
That' to get to gcc, Emacs, and gdb.  Thank you."
(By Vance Petree, Virginia Power)

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25 14:07             ` Charles Philip Chan
@ 2010-09-25 14:16               ` Lars Magne Ingebrigtsen
  2010-09-25 16:01                 ` Charles Philip Chan
  2010-09-25 17:35               ` CHENG Gao
  1 sibling, 1 reply; 31+ messages in thread
From: Lars Magne Ingebrigtsen @ 2010-09-25 14:16 UTC (permalink / raw)
  To: ding

Charles Philip Chan <cpchan@sympatico.ca> writes:

> No, what I mean is after the latest change the server is kept alive, but
> pinentry-gtk-2 is still popping up. If I click "cancel" on the dialog, I
> can enter my imap groups with no problem, but gnus cannot connect to my
> leafnode server. However, if I enter in my passphrase, everything is
> fine.

pinentry-gtk-2 pops up randomly?

(setq debug-on-quit t) and then `C-g' when it asks you, and post the
resulting backtrace.  That should tell us what's really asking for the
password.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen




^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25 12:59     ` Uday S Reddy
  2010-09-25 13:08       ` Rupert Swarbrick
@ 2010-09-25 15:21       ` Ted Zlatanov
  2010-09-25 23:03         ` Uday S Reddy
  2010-09-25 15:48       ` Austin F. Frank
  2 siblings, 1 reply; 31+ messages in thread
From: Ted Zlatanov @ 2010-09-25 15:21 UTC (permalink / raw)
  To: ding

On Sat, 25 Sep 2010 13:59:03 +0100 Uday S Reddy <u.s.reddy@cs.bham.ac.uk> wrote: 

USR> My memory is that auth-source.el caches passwords securely.

Sorry, it doesn't.  ELisp is just not able to do that to any reasonable
degree of security.  Unless I misunderstand what you mean by "securely."

Ted




^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25 12:59     ` Uday S Reddy
  2010-09-25 13:08       ` Rupert Swarbrick
  2010-09-25 15:21       ` Ted Zlatanov
@ 2010-09-25 15:48       ` Austin F. Frank
  2 siblings, 0 replies; 31+ messages in thread
From: Austin F. Frank @ 2010-09-25 15:48 UTC (permalink / raw)
  To: ding

[-- Attachment #1: Type: text/plain, Size: 618 bytes --]

On Sat, Sep 25 2010, Uday S Reddy wrote:

> On 9/24/2010 2:00 PM, Charles Philip Chan wrote:
>>
>>> If the problem is really that the password cache is expiring, it is
>>> far better to block that instead of trying to tax the mail server.
>>
>> Security?
>
> My memory is that auth-source.el caches passwords securely.

What does your auth-source-cache contain?  Mine has plaintext
passwords.  Not sure if this is a problem or not, but from my naive
perspective it does seem like secure caching.

/au

-- 
Austin Frank
http://aufrank.net
GPG Public Key (D7398C2F): http://aufrank.net/personal.asc

[-- Attachment #2: Type: application/pgp-signature, Size: 194 bytes --]

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25 14:16               ` Lars Magne Ingebrigtsen
@ 2010-09-25 16:01                 ` Charles Philip Chan
  2010-09-25 16:14                   ` Lars Magne Ingebrigtsen
  0 siblings, 1 reply; 31+ messages in thread
From: Charles Philip Chan @ 2010-09-25 16:01 UTC (permalink / raw)
  To: ding

[-- Attachment #1: Type: text/plain, Size: 509 bytes --]

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> pinentry-gtk-2 pops up randomly?
>
> (setq debug-on-quit t) and then `C-g' when it asks you, and post the
> resulting backtrace.  That should tell us what's really asking for the
> password.

Sorry, I can't do that. The calling program does not respond to key
presses when pinentry-gtk-2 is up. There is no way for me to do C-g.

Charles

-- 
"Besides, I think [Slackware] sounds better than 'Microsoft,' don't you?"
(By Patrick Volkerding)

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25 16:01                 ` Charles Philip Chan
@ 2010-09-25 16:14                   ` Lars Magne Ingebrigtsen
  2010-09-25 17:23                     ` Dave Goldberg
  2010-09-25 17:53                     ` Charles Philip Chan
  0 siblings, 2 replies; 31+ messages in thread
From: Lars Magne Ingebrigtsen @ 2010-09-25 16:14 UTC (permalink / raw)
  To: ding

Charles Philip Chan <cpchan@sympatico.ca> writes:

>> pinentry-gtk-2 pops up randomly?
>>
>> (setq debug-on-quit t) and then `C-g' when it asks you, and post the
>> resulting backtrace.  That should tell us what's really asking for the
>> password.
>
> Sorry, I can't do that. The calling program does not respond to key
> presses when pinentry-gtk-2 is up. There is no way for me to do C-g.

I have no idea what pinentry-gtk-2 is.  Could you disable it, or
whatever it is that uses it?

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen




^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25 16:14                   ` Lars Magne Ingebrigtsen
@ 2010-09-25 17:23                     ` Dave Goldberg
  2010-09-25 18:08                       ` Charles Philip Chan
  2010-09-25 17:53                     ` Charles Philip Chan
  1 sibling, 1 reply; 31+ messages in thread
From: Dave Goldberg @ 2010-09-25 17:23 UTC (permalink / raw)
  To: ding


> Charles Philip Chan <cpchan@sympatico.ca> writes:
>>> pinentry-gtk-2 pops up randomly?
>>> 
>>> (setq debug-on-quit t) and then `C-g' when it asks you, and post the
>>> resulting backtrace.  That should tell us what's really asking for the
>>> password.
>> 
>> Sorry, I can't do that. The calling program does not respond to key
>> presses when pinentry-gtk-2 is up. There is no way for me to do C-g.

> I have no idea what pinentry-gtk-2 is.  Could you disable it, or
> whatever it is that uses it?

It sounds to me like Charles only has gpg2 installed but interaction
with Emacs really requires gpg1.

-- 
Dave Goldberg
david.goldberg6@verizon.net



^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25 14:07             ` Charles Philip Chan
  2010-09-25 14:16               ` Lars Magne Ingebrigtsen
@ 2010-09-25 17:35               ` CHENG Gao
  2010-09-25 19:01                 ` Charles Philip Chan
  1 sibling, 1 reply; 31+ messages in thread
From: CHENG Gao @ 2010-09-25 17:35 UTC (permalink / raw)
  To: ding

*On Sat, 25 Sep 2010 10:07:17 -0400
* Also sprach Charles Philip Chan <cpchan@sympatico.ca>:

> Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
>
>> I'm not sure I understand.  After the latest nnimap change, you're
>> prompted for passwords for your nntp server, which requires no
>> password?
>
> No, what I mean is after the latest change the server is kept alive, but
> pinentry-gtk-2 is still popping up. If I click "cancel" on the dialog, I
> can enter my imap groups with no problem, but gnus cannot connect to my
> leafnode server. However, if I enter in my passphrase, everything is
> fine.
>
> Thanks.
> Charles 

I use also gpg2+gpg-agent+pinentry though under MacOSX. And I use
leafnode like you. I dont have any problem so I guess problem may lie in
your settings.




^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25 16:14                   ` Lars Magne Ingebrigtsen
  2010-09-25 17:23                     ` Dave Goldberg
@ 2010-09-25 17:53                     ` Charles Philip Chan
  1 sibling, 0 replies; 31+ messages in thread
From: Charles Philip Chan @ 2010-09-25 17:53 UTC (permalink / raw)
  To: ding

[-- Attachment #1: Type: text/plain, Size: 602 bytes --]

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> I have no idea what pinentry-gtk-2 is.  Could you disable it, or
> whatever it is that uses it?

,----
| pinentry is a small collection of dialog programs that allow GnuPG to
| read passphrases and PIN numbers in a secure manner. There are versions
| for the common GTK and Qt toolkits as well as for the text terminal
| (Curses).
`----

The pinentry suite is part of gpg and cannot be turned off in my gpg
version.

Charles

-- 
"...Unix, MS-DOS, and Windows NT (also known as the Good, the Bad, and
the Ugly)."
(By Matt Welsh)

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25 17:23                     ` Dave Goldberg
@ 2010-09-25 18:08                       ` Charles Philip Chan
  2010-09-25 18:22                         ` David Engster
  0 siblings, 1 reply; 31+ messages in thread
From: Charles Philip Chan @ 2010-09-25 18:08 UTC (permalink / raw)
  To: ding

[-- Attachment #1: Type: text/plain, Size: 458 bytes --]

Dave Goldberg <david.goldberg6@verizon.net> writes:

> It sounds to me like Charles only has gpg2 installed but interaction
> with Emacs really requires gpg1.

Yes, this is true. My distro (OpenSUSE 11.3) doesn't even offer gpg1. I
wasn't aware that people are still using gpg1. Why does Emacs not work
with gpg2?

Charles

-- 
"Open Standards, Open Documents, and Open Source"

  -- Scott Bradner (Open Sources, 1999 O'Reilly and Associates)

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25 18:08                       ` Charles Philip Chan
@ 2010-09-25 18:22                         ` David Engster
  0 siblings, 0 replies; 31+ messages in thread
From: David Engster @ 2010-09-25 18:22 UTC (permalink / raw)
  To: ding

Charles Philip Chan writes:
> Dave Goldberg <david.goldberg6@verizon.net> writes:
>
>> It sounds to me like Charles only has gpg2 installed but interaction
>> with Emacs really requires gpg1.
>
> Yes, this is true. My distro (OpenSUSE 11.3) doesn't even offer gpg1. I
> wasn't aware that people are still using gpg1. Why does Emacs not work
> with gpg2?

gpg2's gpg-agent always uses the program you specified through the
option 'pinentry-program' to securely query you for passphrases. There
are several you can use, including pinentry-gtk2, pinentry-qt4, or
pinentry-ncurses. This is actually to relief the applications from the
task of asking for a passphrase, because many do this the wrong way,
possibly leaving the passphrase in RAM (and hence possibly swap).

My wild guess would be that you are using an encrypted authinfo, and
Emacs has to read that file to see if there are possible credentials
stored there it might need to connect to the server. gpg-agent is
caching the passphrases you enter for a certain time, which you can
specify through options 'default-cache-ttl' and 'max-cache-ttl'.

-David



^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25 17:35               ` CHENG Gao
@ 2010-09-25 19:01                 ` Charles Philip Chan
  2010-09-25 22:08                   ` Greg Troxel
  0 siblings, 1 reply; 31+ messages in thread
From: Charles Philip Chan @ 2010-09-25 19:01 UTC (permalink / raw)
  To: ding

[-- Attachment #1: Type: text/plain, Size: 426 bytes --]

CHENG Gao <chenggao@cyberhut.org> writes:

> I use also gpg2+gpg-agent+pinentry though under MacOSX. And I use
> leafnode like you. I dont have any problem so I guess problem may lie
> in your settings.

So the pinentry dialog doesn't pop up for you after the passphrase
cache expires? 

Charles

-- 
There are no threads in a.b.p.erotica,  so there's no  gain in using a
threaded news reader.
(Unknown source)

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25 19:01                 ` Charles Philip Chan
@ 2010-09-25 22:08                   ` Greg Troxel
  2010-09-26  1:59                     ` Charles Philip Chan
  0 siblings, 1 reply; 31+ messages in thread
From: Greg Troxel @ 2010-09-25 22:08 UTC (permalink / raw)
  To: Charles Philip Chan; +Cc: ding

[-- Attachment #1: Type: text/plain, Size: 947 bytes --]


Charles Philip Chan <cpchan@sympatico.ca> writes:

> CHENG Gao <chenggao@cyberhut.org> writes:
>
>> I use also gpg2+gpg-agent+pinentry though under MacOSX. And I use
>> leafnode like you. I dont have any problem so I guess problem may lie
>> in your settings.
>
> So the pinentry dialog doesn't pop up for you after the passphrase
> cache expires? 

I use gpg with pinentry-gtk2.  When trying to sign or decrypt, if the
passphrase is not cached, the dialog pops up, and then when it's done,
the operation proceeds.  Then future operations succeed until the cache
expires.

It's true that when the window pops up interrupting emacs doesn't make
the window go away.  What happens is that emacs ran gpg which sent a
query to the gpg-agent process, which popped up the window.  So you
could argue that gpg should withdraw the request when killed, and that
this is a gpg bug.  But I don't think there's anything wrong with gnus.

[-- Attachment #2: Type: application/pgp-signature, Size: 194 bytes --]

^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25 15:21       ` Ted Zlatanov
@ 2010-09-25 23:03         ` Uday S Reddy
  0 siblings, 0 replies; 31+ messages in thread
From: Uday S Reddy @ 2010-09-25 23:03 UTC (permalink / raw)
  To: ding

On 9/25/2010 4:21 PM, Ted Zlatanov wrote:
> On Sat, 25 Sep 2010 13:59:03 +0100 Uday S Reddy<u.s.reddy@cs.bham.ac.uk>  wrote:
>
> USR>  My memory is that auth-source.el caches passwords securely.
>
> Sorry, it doesn't.

You are right.  It turns out that I have been using EasyPG's passphrase 
caching, which is probably not all that secure but it serves my needs fine.

Cheers,
Uday




^ permalink raw reply	[flat|nested] 31+ messages in thread

* Re: New imap Implementation and Keepalive
  2010-09-25 22:08                   ` Greg Troxel
@ 2010-09-26  1:59                     ` Charles Philip Chan
  0 siblings, 0 replies; 31+ messages in thread
From: Charles Philip Chan @ 2010-09-26  1:59 UTC (permalink / raw)
  To: ding

[-- Attachment #1: Type: text/plain, Size: 1041 bytes --]

Greg Troxel <gdt@work.lexort.com> writes:

> It's true that when the window pops up interrupting emacs doesn't make
> the window go away.  What happens is that emacs ran gpg which sent a
> query to the gpg-agent process, which popped up the window.  So you
> could argue that gpg should withdraw the request when killed, and that
> this is a gpg bug.

It is not suppose to run gpg again because gnus is still connected to
the imap server. This is what imap keepalive is for and why I requested
it.

> But I don't think there's anything wrong with gnus.

The dialog does not pop up again with any other program that supports
keepalive. Like I said, if you kill the dialog, you will find out that
indeed one is still logged in to the imap server, but then gnus will not
connect to the leafnode server which does not require a user name and
password. Like I said, everything is fine if I enter in my passphrase
again.

Charles

-- 
"sic transit discus mundi"
(From the System Administrator's Guide, by Lars Wirzenius)

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 31+ messages in thread

end of thread, other threads:[~2010-09-26  1:59 UTC | newest]

Thread overview: 31+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-09-23  2:42 New imap Implementation and Keepalive Charles Philip Chan
2010-09-23 16:09 ` Lars Magne Ingebrigtsen
2010-09-23 19:29   ` Frank Schmitt
2010-09-23 19:45     ` Lars Magne Ingebrigtsen
2010-09-23 20:23       ` Frank Schmitt
2010-09-23 20:28         ` Lars Magne Ingebrigtsen
2010-09-24  1:01 ` Uday S Reddy
2010-09-24 12:34   ` Frank Schmitt
2010-09-24 16:34     ` Lars Magne Ingebrigtsen
2010-09-25  5:21       ` Charles Philip Chan
2010-09-25  6:14         ` Charles Philip Chan
2010-09-25 13:43           ` Lars Magne Ingebrigtsen
2010-09-25 14:07             ` Charles Philip Chan
2010-09-25 14:16               ` Lars Magne Ingebrigtsen
2010-09-25 16:01                 ` Charles Philip Chan
2010-09-25 16:14                   ` Lars Magne Ingebrigtsen
2010-09-25 17:23                     ` Dave Goldberg
2010-09-25 18:08                       ` Charles Philip Chan
2010-09-25 18:22                         ` David Engster
2010-09-25 17:53                     ` Charles Philip Chan
2010-09-25 17:35               ` CHENG Gao
2010-09-25 19:01                 ` Charles Philip Chan
2010-09-25 22:08                   ` Greg Troxel
2010-09-26  1:59                     ` Charles Philip Chan
2010-09-25 12:52     ` Uday S Reddy
2010-09-24 13:00   ` Charles Philip Chan
2010-09-25 12:59     ` Uday S Reddy
2010-09-25 13:08       ` Rupert Swarbrick
2010-09-25 15:21       ` Ted Zlatanov
2010-09-25 23:03         ` Uday S Reddy
2010-09-25 15:48       ` Austin F. Frank

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).