[CentOS] Unloking gnome keyring on login

Thu Jul 15 07:56:49 UTC 2010
Giulio Troccoli <Giulio.Troccoli at uk.linedata.com>

No-one else has anything to say about this problem?

>


Linedata Limited
Registered Office: 85 Gracechurch St., London, EC3V 0AA
Registered in England and Wales No 3475006 VAT Reg No 710 3140 03

-----Original Message-----


> From: centos-bounces at centos.org
> [mailto:centos-bounces at centos.org] On Behalf Of Mathieu Baudier
> Sent: 14 July 2010 11:01
> To: CentOS mailing list
> Subject: Re: [CentOS] Unloking gnome keyring on login
>
> Sorry, if I was not clear: I was just throwing ideas because
> I will have soon to face a similar need.
> I just wanted to explore if you could avoid using the
> gnome-keyring at all.
> I was not pretending to give you a direct solution for your pb.
>
> > Subversion is already set up correctly to use the keyring
> mechanism to store the password. It works. But, the first
> time I'm asked for the password to unlock the keyring. This
> is what I am trying to avoid. I don't think this has anything
> to do with Subversion.
>
> Yes, but you have to use gnome-keyring in the first place
> because of this SVN password caching issue.
>
> > I'm not sure I understood you here. This way any user
> coming from one of those IP will have access to the
> repository? How would I know who it is though?
>
> You would have to issue certificates for the client.
> Definitely not a good option for you if you have many users.
> Could make sense if these are only "special" users such as
> build processes who need to access the SVN repo.
>
> > We did start with svn:// access, about 5 years ago when we
> started using Subversion, but we abandoned it in favour of
> http://. Honestly, I don't remember what was the problem.
>
> svn+ssh:// is not (exactly) the same as svn://
> - svn:// access a svnserve daemon via the network
> - svn+ssh:// is actually more like file:// (but safer), it
> starts remotely an svnserve for each call and only for the
> duration of this call, reuse the OS credential and access the
> repository on the filesystem directly => it can be combined
> with http:// and access the same repository, but again would
> only work reasonably if there are not too many such accesses
> => if your OS users are also managed by LDAP this could offer
> you a consistent approach: in the end you would have the same
> user names in subversion whether you access it one way or the other
>
> > What do you mean by "I hope your developers are not working
> on their code on a server from the command line" ?
>
> I was just joking. Usually people develop from their workstation.
> Although I have already seen some development being done
> directly with vi on headless servers...
>
> > Most of the work is done on PC, so gnome-keyring is not
> needed. But some work is done on the server, in personal
> working copies, and therefore I need a mechanism to store
> passwords. Because these are company passwords, I used LDAPS
> to authenticate against the company AD, they need to be encrypted.
>
> If you PC are running Linux, then you have the same problem
> (unencrypted password).
> But I guess your users are on Windows PCs.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos