GNU bug report logs - #9113
24.0.50; auth-sources: .authinfo versus .authinfo.gpg

Previous Next

Package: emacs;

Reported by: "Roland Winkler" <winkler <at> gnu.org>

Date: Mon, 18 Jul 2011 03:09:01 UTC

Severity: normal

Found in version 24.0.50

Full log

View this message in rfc822 format

From: "Roland Winkler" <winkler <at> gnu.org>
To: Ted Zlatanov <tzz <at> lifelogs.com>
Cc: 9113 <at> debbugs.gnu.org, Stefan Monnier <monnier <at> iro.umontreal.ca>
Subject: bug#9113: 24.0.50; auth-sources: .authinfo versus .authinfo.gpg
Date: Sat, 28 Jan 2012 02:47:53 -0600

On Thu Jan 26 2012 Ted Zlatanov wrote:
> I don't recall exactly either.  But here's how we can proceed.  We have
> several options:
> 
> 1) go back to authinfo.gpg as the first choice
> 
> 2) use unencrypted authinfo with encrypted password tokens, which looks like
> this:
> 
> machine supertest password
> gpg:jA0EAwMC2tUEaZgM7A5gyWM/owySdCOS/cjoFCuf8LI1d1kYX7z6cjsNkakM04u1geh/iesqyH3XQFI+SEVLb/oEC/EoQ0LIgRRoBiLyu9XZWN1ytY7MQxpPZniFz13oGV4/Dwl8yrP3Hba5LfQpHy2FZRM=
> 
> 3) work on the libnettle support (automatic if we use GnuTLS) so the
> external GPG executable is not needed to generate encrypted password
> tokens or encrypted authinfo files
> 
> 4) use Daiki Ueno's plist storage format (already in auth-source but not
> well tested AFAIK)
> 
> 5) ask the user if he has no authinfo file what he wants to do, and
> choose sensible defaults from the above depending on whether EPA/EPG and
> GPG; or libnettle are available.  If we do that, `auth-sources' will be
> set to 'ask by default.

For me, being a user who does not know too much about the subtleties
of "smart solutions" for this problem, it would already be helpful
if the relevant docstrings / info pages / a *Warnings* buffer
contained a warning like

  It is highly recommended to store the file .authinfo as an
  encrypted file as .authinfo.gpg, though in some cases such a
  solution can be inconvenient or otherwise problematic.

On the other hand, describe-variable currently gives for
auth-sources

  auth-sources is a variable defined in `auth-source.el'.
  Its value is ("~/.authinfo" "~/.authinfo.gpg" "~/.netrc")
  
  Documentation:
  List of authentication sources.
  
  The default will get login and password information from
  "~/.authinfo.gpg", which you should set up with the EPA/EPG
  packages to be encrypted.  If that file doesn't exist, it will
  try the unencrypted version "~/.authinfo" and the famous
  "~/.netrc" file.
  
  See the auth.info manual for details.

What general scheme of precedence is implemented here if
auth-sources is a list and the "default value" in this list is not
the first or last one, but the second? Or is this just a bug in the
docstring? 

For this problem, I cannot find helpful comments in the auth.info
manual either. I suggest that the docstring of auth-sources should
provide a hyperlink to the relevant section of the auth.info manual.

Roland
This bug report was last modified 13 years and 123 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.