GNU bug report logs - #8069
23.2.94; auth-source should support ~/.netrc by default

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 8069 in the body.
You can then email your comments to 8069 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Reuben Thomas <rrt <at> sc3d.org>
To: bug-gnu-emacs <at> gnu.org
Subject: 23.2.94; auth-source should support ~/.netrc by default
Date: Thu, 17 Feb 2011 22:14:53 +0000

auth-source is trying to encourage users to use ~/.authinfo rather than
~/.netrc. This is fine. But many programs and libraries still use
~/.netrc (personally, until reading the auth-source manual I had not
heard of ~/.authinfo).

auth-source also wants to encourage users to encrypt their ~/.authinfo
file (indeed, by default it searches ~/.authinfo.gpg, not ~/.authinfo).
The manual actually says “the auth-source library encourages this
confusion”. It is not a good idea to encourage confusion (even if this
remark is made tongue-in-cheek, auth-source’s current behaviour does
indeed encourage confusion).

Hence, I suggest that with a bit of psychological carrot and stick,
auth-source could get closer to its goal:

Carrot: Default to searching ~/.netrc (unencrypted), ~/.authinfo
(unencrypted), and ~/.authinfo.gpg (encrypted). This means that users
with an unencrypted file or old-name file are not annoyed. By all means
create a symlink from ~/.authinfo to ~/.netrc if the former doesn’t
already exist, and don’t actually search ~/.netrc. (But maybe that would
create potential security problems of its own.)

Stick: Display a minibuffer warning message when an unencrypted file is
found. Thus, the user is not actually interrupted (which breeds
annoyance), but does receive a gentle reminder that encrypted is better.

(You could display a more urgent message, or interrupt the user, if a
world-readable authorisation file is found.)

Note that this suggestion does not affect users who have already
migrated to ~/.authinfo{,.gpg}.



In GNU Emacs 23.2.94.1 (i686-pc-linux-gnu, GTK+ Version 2.22.0)
 of 2011-02-15 on canta
Windowing system distributor `The X.Org Foundation', version 11.0.10900000
Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: nil
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: en_GB.UTF-8
  value of $XMODIFIERS: nil
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

Major mode: Info

Minor modes in effect:
  diff-auto-refine-mode: t
  recentf-mode: t
  show-paren-mode: t
  savehist-mode: t
  minibuffer-electric-default-mode: t
  iswitchb-mode: t
  icomplete-mode: t
  global-whitespace-mode: t
  global-auto-revert-mode: t
  desktop-save-mode: t
  etags-update-mode: t
  mouse-wheel-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  column-number-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent input:
y y y C-a <help-echo> <down-mouse-1> <mouse-1> C-x 
C-f <M-backspace> <M-backspace> L u a / b i t l <tab> 
M a k <tab> . a <tab> <backspace> <backspace> <return> 
C-x b <return> C-h i C-s a u t o c o n f M-< <down> 
<down> <down> <down> <down> <down> <down> <down> <down> 
<down> <down> <down> <down> <down> <down> <return> 
<down> <down> <down> <down> <down> <down> <down> <down> 
<down> <down> <down> <down> <down> <down> <down> <down> 
<down> <down> <down> <down> <down> <down> <down> <down> 
<down> <down> <down> <down> <down> <down> <down> <down> 
<down> <down> <down> <up> <up> <up> <up> <down> <return> 
n C-s g p g C-a C-n C-n C-n C-n C-n C-n C-n C-n C-n 
C-n C-n C-n C-n C-s E P A C-s C-s C-s C-s C-s C-s C-s 
C-s C-s C-s C-a C-s n e t r c C-s C-s C-s C-s C-s C-s 
C-s C-s C-s C-s C-s C-s C-s C-s C-a C-s u s e r s ' 
C-s C-a C-s C-s C-s C-s C-s C-s C-a M-x r e p o r t 
- b e <backspace> <backspace> e m a c s - b u g <return> 
R <backspace> T y p o SPC i n SPC a u <backspace> <backspace> 
" H e l p SPC f o r SPC d e v e l o p e r s " S-SPC 
n o d e SPC o f SPC a u t h - s o u r c e SPC m a n 
u a l <return> u s e r s C-q ' SPC - > S-SPC u s e 
r C-q ' s C-c C-c y e s <return> M-x r e p o r t - 
e m a c s - b u g <return>

Recent messages:
Ignoring redundant directory /usr/share/emacs-snapshot/site-lisp/bbdb
Checking 1 files in /usr/share/emacs/site-lisp/autoconf...
Ignoring redundant directory /usr/share/emacs-snapshot/site-lisp/auctex
Checking 21 files in /usr/share/emacs/site-lisp/auctex...
Ignoring redundant directory /usr/share/emacs-snapshot/site-lisp/inform-mode
Ignoring redundant directory /usr/share/emacs-snapshot/site-lisp/ocaml-mode
Checking for load-path shadows...done
Sending...
Sending via mail...
Sending...done

Load-path shadows:
/home/rrt/.emacs.d/elpa/ruby-mode-1.1/ruby-mode hides /usr/share/emacs-snapshot/site-lisp/ruby1.8-elisp/ruby-mode
/home/rrt/.emacs.d/elpa/css-mode-1.0/css-mode hides /usr/local/share/emacs/23.2.94/site-lisp/css-mode/css-mode
/home/rrt/.emacs.d/elpa/dictionary-1.8.7/link hides /usr/local/share/emacs/23.2.94/site-lisp/dictionary-el/link
/home/rrt/.emacs.d/elpa/dictionary-1.8.7/connection hides /usr/local/share/emacs/23.2.94/site-lisp/dictionary-el/connection
/home/rrt/.emacs.d/elpa/dictionary-1.8.7/dictionary-init hides /usr/local/share/emacs/23.2.94/site-lisp/dictionary-el/dictionary-init
/home/rrt/.emacs.d/elpa/dictionary-1.8.7/dictionary hides /usr/local/share/emacs/23.2.94/site-lisp/dictionary-el/dictionary
/home/rrt/local/share/emacs/site-lisp/dict hides /usr/local/share/emacs/23.2.94/site-lisp/emacs-goodies-el/dict
/home/rrt/.emacs.d/elpa/css-mode-1.0/css-mode hides /usr/local/share/emacs/23.2.94/lisp/textmodes/css-mode
/home/rrt/.emacs.d/elpa/ruby-mode-1.1/ruby-mode hides /usr/local/share/emacs/23.2.94/lisp/progmodes/ruby-mode
/home/rrt/.emacs.d/elpa/css-mode-1.0/css-mode hides /usr/share/emacs/site-lisp/css-mode/css-mode
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-info hides /usr/share/emacs/site-lisp/auctex/tex-info
/usr/local/share/emacs/23.2.94/site-lisp/auctex/context-nl hides /usr/share/emacs/site-lisp/auctex/context-nl
/usr/local/share/emacs/23.2.94/site-lisp/auctex/context-en hides /usr/share/emacs/site-lisp/auctex/context-en
/usr/local/share/emacs/23.2.94/site-lisp/auctex/latex hides /usr/share/emacs/site-lisp/auctex/latex
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-mik hides /usr/share/emacs/site-lisp/auctex/tex-mik
/usr/local/share/emacs/23.2.94/site-lisp/dictionary-el/lpath hides /usr/share/emacs/site-lisp/auctex/lpath
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-buf hides /usr/share/emacs/site-lisp/auctex/tex-buf
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-jp hides /usr/share/emacs/site-lisp/auctex/tex-jp
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-bar hides /usr/share/emacs/site-lisp/auctex/tex-bar
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex hides /usr/share/emacs/site-lisp/auctex/tex
/usr/local/share/emacs/23.2.94/site-lisp/auctex/multi-prompt hides /usr/share/emacs/site-lisp/auctex/multi-prompt
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-fptex hides /usr/share/emacs/site-lisp/auctex/tex-fptex
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-font hides /usr/share/emacs/site-lisp/auctex/tex-font
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-fold hides /usr/share/emacs/site-lisp/auctex/tex-fold
/usr/local/share/emacs/23.2.94/site-lisp/auctex/texmathp hides /usr/share/emacs/site-lisp/auctex/texmathp
/usr/local/share/emacs/23.2.94/site-lisp/auctex/context hides /usr/share/emacs/site-lisp/auctex/context
/usr/local/share/emacs/23.2.94/site-lisp/auctex/font-latex hides /usr/share/emacs/site-lisp/auctex/font-latex
/usr/local/share/emacs/23.2.94/site-lisp/auctex/bib-cite hides /usr/share/emacs/site-lisp/auctex/bib-cite
/usr/local/share/emacs/23.2.94/site-lisp/auctex/toolbar-x hides /usr/share/emacs/site-lisp/auctex/toolbar-x
/usr/local/share/emacs/23.2.94/site-lisp/auctex/tex-style hides /usr/share/emacs/site-lisp/auctex/tex-style

Features:
(gnus-msg gnus-art mm-uu mml2015 epg-config mm-view smime dig gnus-sum
nnoo gnus-group gnus-undo nnmail mail-source format-spec gnus-start
gnus-spec gnus-int gnus-range gnus-win gnus gnus-ems shadow sort message
sendmail ecomplete rfc822 mml mml-sec password-cache mm-decode mm-bodies
mm-encode mailcap mail-parse rfc2231 rfc2047 rfc2045 qp ietf-drums
mailabbrev nnheader gnus-util netrc time-date mm-util mail-prsvr
gmm-utils mailheader canlock sha1 hex-util hashcash mail-utils emacsbug
info find-func pp novice autoconf autoconf-mode tar-mode jka-compr
bibtex log-edit pcvs-util add-log diff-git diff-mode vc vc-dispatcher
cperl-mode vc-git mail-extr make-mode tabify inform-mode cus-edit
texmathp preview prv-emacs byte-opt warnings tex-buf noutline outline
font-latex bytecomp byte-compile latex tex-style tex latexenc newcomment
grep compile longlines face-remap flyspell multi-isearch dired-aux dired
help-mode view filladapt completing-help recentf tree-widget wid-edit
uniquify paren savehist minibuf-eldef iswitchb icomplete whitespace
autorevert time cus-start cus-load desktop server php-mode etags
cc-langs cc-mode cc-fonts cc-menus cc-cmds cc-styles cc-align cc-engine
cc-vars cc-defs speedbar sb-image ezimage dframe lua-mode regexp-opt
comint ring ropemacs pymacs smart-quotes ffap ispell etags-update
auto-dictionary-autoloads css-mode-autoloads dictionary-autoloads
diff-git-autoloads dired-isearch-autoloads full-ack-autoloads
guess-style-autoloads js2-mode-autoloads kill-ring-search-autoloads
lambdacalc-autoloads magit-autoloads mv-shell-autoloads
ruby-mode-autoloads tumble-autoloads http-post-simple-autoloads package
reporter advice advice-preload yasnippet help-fns derived edmacro kmacro
easymenu assoc cl cl-19 muse-autoloads emacs-goodies-el
emacs-goodies-custom emacs-goodies-loaddefs easy-mmode bbdb-autoloads
preview-latex tex-site auto-loads tooltip ediff-hook vc-hooks
lisp-float-type mwheel x-win x-dnd font-setting tool-bar dnd fontset
image fringe lisp-mode register page menu-bar rfn-eshadow timer select
scroll-bar mldrag mouse jit-lock font-lock syntax facemenu font-core
frame cham georgian utf-8-lang misc-lang vietnamese tibetan thai
tai-viet lao korean japanese hebrew greek romanian slovak czech european
ethiopic indian cyrillic chinese case-table epa-hook jka-cmpr-hook help
simple abbrev loaddefs button minibuffer faces cus-face files
text-properties overlay md5 base64 format env code-pages mule custom
widget hashtable-print-readable backquote make-network-process dbusbind
system-font-setting font-render-setting gtk x-toolkit x multi-tty emacs)

-- 
http://rrt.sc3d.org/

Message #8 received at 8069 <at> debbugs.gnu.org (full text, mbox):

From: Lars Magne Ingebrigtsen <lmi <at> gnus.org>
To: Reuben Thomas <rrt <at> sc3d.org>
Cc: 8069 <at> debbugs.gnu.org
Subject: Re: bug#8069: 23.2.94; auth-source should support ~/.netrc by default
Date: Thu, 17 Feb 2011 16:37:24 -0800

Reuben Thomas <rrt <at> sc3d.org> writes:

> auth-source is trying to encourage users to use ~/.authinfo rather than
> ~/.netrc. This is fine. But many programs and libraries still use
> ~/.netrc (personally, until reading the auth-source manual I had not
> heard of ~/.authinfo).

I don't quite remember why we started using ~/.authinfo instead of
~/.netrc?  I think that change was done a long, long time ago.  (At
least for nntp.el.)  Anybody remember?  Was there a technical reason?

This was done in:

66292b12 lisp/nntp.el      (Lars Magne Ingebrigtsen 1998-03-07 16:19:30 +0000  243) (defcustom nntp-authinfo-file "~/.authinfo"

and the ChangeLog entry helpfully says

+	* nntp.el (nntp-authinforc-file): Changed default.

Yay me.

But, yes, I think ~/.netrc should be added to the list of auth sources
to consult.

> Carrot: Default to searching ~/.netrc (unencrypted), ~/.authinfo
> (unencrypted), and ~/.authinfo.gpg (encrypted). This means that users
> with an unencrypted file or old-name file are not annoyed.

Agreed.

> By all means create a symlink from ~/.authinfo to ~/.netrc if the
> former doesn’t already exist, and don’t actually search ~/.netrc. (But
> maybe that would create potential security problems of its own.)

Nah.  Symlinks shouldn't be necessary.

> Stick: Display a minibuffer warning message when an unencrypted file is
> found. Thus, the user is not actually interrupted (which breeds
> annoyance), but does receive a gentle reminder that encrypted is better.

No, I don't think any reminders are necessary.  It's perfectly
reasonable to keep your passwords (for services you don't consider to be
super-secret for you) unencrypted.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi <at> gnus.org * Lars Magne Ingebrigtsen

Message #13 received at 8069-close <at> debbugs.gnu.org (full text, mbox):

From: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
To: Reuben Thomas <rrt <at> sc3d.org>
Cc: 8069-close <at> debbugs.gnu.org
Subject: Re: bug#8069: 23.2.94; auth-source should support ~/.netrc by default
Date: Thu, 30 Jun 2011 02:12:16 +0200

Lars Magne Ingebrigtsen <lmi <at> gnus.org> writes:

> But, yes, I think ~/.netrc should be added to the list of auth sources
> to consult.

This has been fixed in No Gnus now.

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.