bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg

From: Roland Winkler
Subject: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
Date: Sat, 28 Jan 2012 02:47:53 -0600 
On Thu Jan 26 2012 Ted Zlatanov wrote:
> I don't recall exactly either.  But here's how we can proceed.  We have
> several options:
> 
> 1) go back to authinfo.gpg as the first choice
> 
> 2) use unencrypted authinfo with encrypted password tokens, which looks like
> this:
> 
> machine supertest password
> gpg:jA0EAwMC2tUEaZgM7A5gyWM/owySdCOS/cjoFCuf8LI1d1kYX7z6cjsNkakM04u1geh/iesqyH3XQFI+SEVLb/oEC/EoQ0LIgRRoBiLyu9XZWN1ytY7MQxpPZniFz13oGV4/Dwl8yrP3Hba5LfQpHy2FZRM=
> 
> 3) work on the libnettle support (automatic if we use GnuTLS) so the
> external GPG executable is not needed to generate encrypted password
> tokens or encrypted authinfo files
> 
> 4) use Daiki Ueno's plist storage format (already in auth-source but not
> well tested AFAIK)
> 
> 5) ask the user if he has no authinfo file what he wants to do, and
> choose sensible defaults from the above depending on whether EPA/EPG and
> GPG; or libnettle are available.  If we do that, `auth-sources' will be
> set to 'ask by default.

For me, being a user who does not know too much about the subtleties
of "smart solutions" for this problem, it would already be helpful
if the relevant docstrings / info pages / a *Warnings* buffer
contained a warning like

  It is highly recommended to store the file .authinfo as an
  encrypted file as .authinfo.gpg, though in some cases such a
  solution can be inconvenient or otherwise problematic.

On the other hand, describe-variable currently gives for
auth-sources

  auth-sources is a variable defined in `auth-source.el'.
  Its value is ("~/.authinfo" "~/.authinfo.gpg" "~/.netrc")
  
  Documentation:
  List of authentication sources.
  
  The default will get login and password information from
  "~/.authinfo.gpg", which you should set up with the EPA/EPG
  packages to be encrypted.  If that file doesn't exist, it will
  try the unencrypted version "~/.authinfo" and the famous
  "~/.netrc" file.
  
  See the auth.info manual for details.

What general scheme of precedence is implemented here if
auth-sources is a list and the "default value" in this list is not
the first or last one, but the second? Or is this just a bug in the
docstring? 

For this problem, I cannot find helpful comments in the auth.info
manual either. I suggest that the docstring of auth-sources should
provide a hyperlink to the relevant section of the auth.info manual.

Roland
reply via email to
[Prev in Thread] Current Thread [Next in Thread]