unofficial mirror of bug-gnu-emacs@gnu.org 
* bug#8069: 23.2.94; auth-source should support ~/.netrc by default
@ 2011-02-17 22:14 Reuben Thomas
  0 siblings, 0 replies; 5+ messages in thread
From: Reuben Thomas @ 2011-02-17 22:14 UTC (permalink / raw)
  To: 8069

auth-source is trying to encourage users to use ~/.authinfo rather than
~/.netrc. This is fine. But many programs and libraries still use
~/.netrc (personally, until reading the auth-source manual I had not
heard of ~/.authinfo).

auth-source also wants to encourage users to encrypt their ~/.authinfo
file (indeed, by default it searches ~/.authinfo.gpg, not ~/.authinfo).
The manual actually says “the auth-source library encourages this
confusion”. It is not a good idea to encourage confusion (even if this
remark is made tongue-in-cheek, auth-source’s current behaviour does
indeed encourage confusion).

Hence, I suggest that with a bit of psychological carrot and stick,
auth-source could get closer to its goal:

Carrot: Default to searching ~/.netrc (unencrypted), ~/.authinfo
(unencrypted), and ~/.authinfo.gpg (encrypted). This means that users
with an unencrypted file or old-name file are not annoyed. By all means
create a symlink from ~/.authinfo to ~/.netrc if the former doesn’t
already exist, and don’t actually search ~/.netrc. (But maybe that would
create potential security problems of its own.)

Stick: Display a minibuffer warning message when an unencrypted file is
found. Thus, the user is not actually interrupted (which breeds
annoyance), but does receive a gentle reminder that encrypted is better.

(You could display a more urgent message, or interrupt the user, if a
world-readable authorisation file is found.)

Note that this suggestion does not affect users who have already
migrated to ~/.authinfo{,.gpg}.



In GNU Emacs 23.2.94.1 (i686-pc-linux-gnu, GTK+ Version 2.22.0)
 of 2011-02-15 on canta
Windowing system distributor `The X.Org Foundation', version 11.0.10900000

-- 
http://rrt.sc3d.org/






* bug#8069: 23.2.94; auth-source should support ~/.netrc by default
       [not found] <mailman.12.1297982231.1785.bug-gnu-emacs@gnu.org>
@ 2011-02-18  0:37 ` Lars Magne Ingebrigtsen
  2011-06-30  0:12   ` Lars Magne Ingebrigtsen
  2011-02-18 21:50 ` Ted Zlatanov
  1 sibling, 1 reply; 5+ messages in thread
From: Lars Magne Ingebrigtsen @ 2011-02-18  0:37 UTC (permalink / raw)
  To: Reuben Thomas; +Cc: 8069

Reuben Thomas <rrt@sc3d.org> writes:

> auth-source is trying to encourage users to use ~/.authinfo rather than
> ~/.netrc. This is fine. But many programs and libraries still use
> ~/.netrc (personally, until reading the auth-source manual I had not
> heard of ~/.authinfo).

I don't quite remember why we started using ~/.authinfo instead of
~/.netrc?  I think that change was done a long, long time ago.  (At
least for nntp.el.)  Anybody remember?  Was there a technical reason?

This was done in:

66292b12 lisp/nntp.el      (Lars Magne Ingebrigtsen 1998-03-07 16:19:30 +0000  243) (defcustom nntp-authinfo-file "~/.authinfo"

and the ChangeLog entry helpfully says

+	* nntp.el (nntp-authinforc-file): Changed default.

Yay me.

But, yes, I think ~/.netrc should be added to the list of auth sources
to consult.

> Carrot: Default to searching ~/.netrc (unencrypted), ~/.authinfo
> (unencrypted), and ~/.authinfo.gpg (encrypted). This means that users
> with an unencrypted file or old-name file are not annoyed.

Agreed.

> By all means create a symlink from ~/.authinfo to ~/.netrc if the
> former doesn’t already exist, and don’t actually search ~/.netrc. (But
> maybe that would create potential security problems of its own.)

Nah.  Symlinks shouldn't be necessary.

> Stick: Display a minibuffer warning message when an unencrypted file is
> found. Thus, the user is not actually interrupted (which breeds
> annoyance), but does receive a gentle reminder that encrypted is better.

No, I don't think any reminders are necessary.  It's perfectly
reasonable to keep your passwords (for services you don't consider to be
super-secret for you) unencrypted.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen






* Re: bug#8069: 23.2.94; auth-source should support ~/.netrc by default
       [not found] <mailman.12.1297982231.1785.bug-gnu-emacs@gnu.org>
  2011-02-18  0:37 ` bug#8069: 23.2.94; auth-source should support ~/.netrc by default Lars Magne Ingebrigtsen
@ 2011-02-18 21:50 ` Ted Zlatanov
  2011-02-22 18:27   ` Ted Zlatanov
  1 sibling, 1 reply; 5+ messages in thread
From: Ted Zlatanov @ 2011-02-18 21:50 UTC (permalink / raw)
  To: bug-gnu-emacs

On Thu, 17 Feb 2011 22:14:53 +0000 Reuben Thomas <rrt@sc3d.org> wrote: 

RT> Carrot: Default to searching ~/.netrc (unencrypted), ~/.authinfo
RT> (unencrypted), and ~/.authinfo.gpg (encrypted). This means that users
RT> with an unencrypted file or old-name file are not annoyed. By all means
RT> create a symlink from ~/.authinfo to ~/.netrc if the former doesn’t
RT> already exist, and don’t actually search ~/.netrc. (But maybe that would
RT> create potential security problems of its own.)

I want the .gpg file first because I really want to push people towards
encrypting sensitive data.  Otherwise that's fine and a trivial change
and I'll make it soon.

RT> Stick: Display a minibuffer warning message when an unencrypted file is
RT> found. Thus, the user is not actually interrupted (which breeds
RT> annoyance), but does receive a gentle reminder that encrypted is better.

RT> (You could display a more urgent message, or interrupt the user, if a
RT> world-readable authorisation file is found.)

I don't think auth-source.el should undertake that kind of monitoring.
It's annoying and, when incorrect, *very* annoying.

RT> Note that this suggestion does not affect users who have already
RT> migrated to ~/.authinfo{,.gpg}.

It will do an extra fopen() every time something can't be found, even
when .netrc doesn't exist, so it definitely affects people.  I will add
.netrc because it's sensible but I don't like so many file searches.

Ted



* Re: bug#8069: 23.2.94; auth-source should support ~/.netrc by default
  2011-02-18 21:50 ` Ted Zlatanov
@ 2011-02-22 18:27   ` Ted Zlatanov
  0 siblings, 0 replies; 5+ messages in thread
From: Ted Zlatanov @ 2011-02-22 18:27 UTC (permalink / raw)
  To: bug-gnu-emacs; +Cc: Ding Mailing List

On Fri, 18 Feb 2011 15:50:07 -0600 Ted Zlatanov <tzz@lifelogs.com> wrote: 

TZ> On Thu, 17 Feb 2011 22:14:53 +0000 Reuben Thomas <rrt@sc3d.org> wrote: 

RT> Carrot: Default to searching ~/.netrc (unencrypted), ~/.authinfo
RT> (unencrypted), and ~/.authinfo.gpg (encrypted). This means that users
RT> with an unencrypted file or old-name file are not annoyed. By all means
RT> create a symlink from ~/.authinfo to ~/.netrc if the former doesn’t
RT> already exist, and don’t actually search ~/.netrc. (But maybe that would
RT> create potential security problems of its own.)

TZ> I want the .gpg file first because I really want to push people towards
TZ> encrypting sensitive data.  Otherwise that's fine and a trivial change
TZ> and I'll make it soon.

I added ~/.netrc as the third file by default now.  Can I close this
bug, Reuben?

Thanks
Ted
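
The two ideas debated in this thread, the lookup order and the plaintext / world-readable warning levels, sketched as an added example that is not part of any message here and is not auth-source's own code. The file order is an assumption drawn from the replies above, and `classify`, `audit_auth_files` and `first_consulted` are hypothetical names.

```python
import os
import stat
import tempfile

# Lookup order assumed from the thread: the .gpg file first, ~/.netrc third.
CANDIDATES = (".authinfo.gpg", ".authinfo", ".netrc")


def classify(path):
    """Return (level, mode) using the two warning levels proposed in the thread."""
    mode = stat.S_IMODE(os.stat(path).st_mode)  # follows symlinks: target's mode
    encrypted = path.endswith(".gpg")  # judged by name only, contents not parsed
    if not encrypted and mode & stat.S_IROTH:
        return "urgent", mode  # plaintext and world-readable
    if not encrypted:
        return "remind", mode  # plaintext but not world-readable
    return "ok", mode


def audit_auth_files(home):
    """List a finding for every candidate that exists, in lookup order."""
    findings = []
    for name in CANDIDATES:
        path = os.path.join(home, name)
        if not os.path.exists(path):  # also skips dangling symlinks
            continue
        level, mode = classify(path)
        findings.append({"file": name, "level": level, "mode": oct(mode),
                         "symlink": os.path.islink(path)})
    return findings


def first_consulted(home):
    """Name of the first existing file in lookup order, or None."""
    found = audit_auth_files(home)
    return found[0]["file"] if found else None


def demo():
    """Build a constructed sample home directory; no real credentials involved."""
    with tempfile.TemporaryDirectory() as home:
        for name, mode in ((".netrc", 0o644), (".authinfo", 0o600)):
            path = os.path.join(home, name)
            with open(path, "w") as fh:
                fh.write("machine example.invalid login u password p\n")
            os.chmod(path, mode)
        return audit_auth_files(home), first_consulted(home)


if __name__ == "__main__":
    for finding in demo()[0]:
        print(finding)
```
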




* bug#8069: 23.2.94; auth-source should support ~/.netrc by default
  2011-02-18  0:37 ` bug#8069: 23.2.94; auth-source should support ~/.netrc by default Lars Magne Ingebrigtsen
@ 2011-06-30  0:12   ` Lars Magne Ingebrigtsen
  0 siblings, 0 replies; 5+ messages in thread
From: Lars Magne Ingebrigtsen @ 2011-06-30  0:12 UTC (permalink / raw)
  To: Reuben Thomas; +Cc: 8069-close

Lars Magne Ingebrigtsen <lmi@gnus.org> writes:

> But, yes, I think ~/.netrc should be added to the list of auth sources
> to consult.

This has been fixed in No Gnus now.

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/




