emacs-devel

Re: Modifying Emacs to use the Mac OS X Keychain Services


From: Michael Albinus
Subject: Re: Modifying Emacs to use the Mac OS X Keychain Services
Date: Mon, 06 Jun 2011 22:26:11 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)

Ben Key <address@hidden> writes:

> Hello,

Hi Ben,

> I am still working on this task.  I need some more advice though.

Ted did answer already from the auth-source.el pov. Here are some more
details from secrets.el.

> But, after taking another look at auth-source.el, I am wondering if
> this was the correct design decision.  I am wondering if I should
> instead be interpreting the collection parameter as an indication of
> which keychain file to store the passwords in.  I could interpret the
> value "default" for the collection parameter as an indication that the
> default keychain should be used.  I could interpret the value "Login"
> or "secrets:Login" as an indication that the Login keychain should be
> used.  Other values for the collection parameter could be interpreted as
> an indication that the data should be stored in a file
> {collection}.keychain in ~/Library/Keychains. 
>
> Which interpretation of the collection parameter is the correct one? 
> I ask because I want to be sure to get this right.

A collection in the Secrets Service API is just a bundle of passwords
(more precisely: secret items). It does not tell you how they are
stored. And there are even collections which are not stored permanently.

With the GNOME Keyring (the implementation of the Secrets Service API I
prefer), there is usually just the collection "login". This is the only
physical collection, if you do not create other ones, and this
collection is stored in the file "~/.gnome2/keyrings/login.keyring".

However, the existence of this collection is not guaranteed by the
API. The only promise of the API is a collection called "default", which
is not a physical collection but an alias. No wonder, initially this
alias points to the "login" collection. You could change this link.

Another collection offered by the Secrets Service API is called
"session". This collection is not a persistent one; it has no physical
representation on your disk, and its lifetime is equal to that of the Secret
Service session (per default, the running desktop session). This
collection is good for people who want a kind of password cache for
reuse, but who do not want it stored permanently.

Best regards, Michael.
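
An added example, not part of the message above and not code from secrets.el: picking a collection as the message describes, by resolving the "default" alias instead of assuming "login" exists, and by using "session" for a cache that must not reach the disk. The `my/` helper names, the item name and the :application attribute are hypothetical; it assumes an Emacs with secrets.el and a running Secret Service.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration; every `my/' name below is hypothetical.
(require 'secrets)

(defun my/secrets-resolve-collection (name)
  "Return the label of an existing collection for NAME, or nil.
\"default\" is only an alias, so it is resolved with
`secrets-get-alias' rather than assumed to be \"login\"."
  (let ((label (if (string= name "default")
                   (secrets-get-alias "default")
                 name)))
    ;; The alias may be unset, or may point at a collection that is gone.
    (and label
         (member label (secrets-list-collections))
         label)))

(defun my/secrets-store (item password &optional persistent)
  "Store PASSWORD under ITEM and return the collection that was used.
Without PERSISTENT the secret goes to \"session\", which has no
representation on disk and ends with the Secret Service session.
With PERSISTENT it goes to whatever \"default\" currently points to."
  (unless secrets-enabled
    (error "No Secret Service reachable on the session D-Bus"))
  (let ((collection
         (if persistent
             (or (my/secrets-resolve-collection "default")
                 (error "Alias \"default\" does not point to a collection"))
           "session")))
    ;; Attributes are keyword/string pairs; this one is a constructed sample.
    (secrets-create-item collection item password
                         :application "emacs-example")
    collection))

;; Demo with constructed values: cache a password for this session only,
;; read it back, then remove it again.
(when secrets-enabled
  (let* ((item "constructed-demo-item")
         (collection (my/secrets-store item "geheim")))
    (message "Stored in %S, read back %S"
             collection (secrets-get-secret collection item))
    (secrets-delete-item collection item)))
```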


