global authinfo mechanism in Emacs, Gnus, Tramp (was: mail-source.el patch to use netrc-parse)

global authinfo mechanism in Emacs, Gnus, Tramp (was: mail-source.el patch to use netrc-parse)

[Ted Zlatanov]

Reiner Steib wrote:
> On Tue, Feb 05 2008, Ted Zlatanov wrote:
> > Also, I think instead of the current variables
> >
> > (setq
> >  nnimap-authinfo-file "~/.authinfo.enc"
> >  nntp-authinfo-file "~/.authinfo.enc"
> >  mail-source-authinfo-file "~/.authinfo.enc"
> >  smtpmail-auth-credentials "~/.authinfo.enc")
> >
> > Gnus should have a single specification:

> `smtpmail.el', (pop3.el) and `mail-source.el' are not Gnus specific.
> So it should be a general Emacs facility.  So please include
> emacs-devel in further discussions.  As all ~/.authinfo parsing is
> done via `netrc.el', it might make sense to define it therein?

> > (setq
> >  authinfo-files '(('nnimap "~/.imap-authinfo.enc")
> >                   (t "~/.authinfo.enc")))

> Maybe a simple value "~/.authinfo" should be equivalent
> to '((t "~/.authinfo")).

Agreed.  Note also I want to transition netrc.el to use EasyPG instead
of encrypt.el, so changes are coming there anyhow.

> > Then we can derive each of those variables at runtime, if they are not
> > set:
> >
> > (setq nnimap-authinfo-file
> >  (or nnimap-authinfo-file (gnus-get-authinfo-file 'nnimap)))
> >
> > WDYT?

I'd deprecate the special variables, personally, and make
gnus-get-authinfo-file respect them but use the global authinfo
otherwise.  Also, the global authinfo could have non-file sources,
e.g. hard-coded strings or shell commands.  I think that's valuable.
I'm tired of specifying special variables for authentication everywhere
in Emacs and in Gnus.  I see a *lot* of questions about setting those
up in Gnus, as well, so I think we can do better.

With a single specification we could also extend it to specify EasyPG
encryption and other things.  Right now, specifying IMAP vs. POP
vs. SMTP (TLS and regular) authentication information is annoying.
Tramp could also use this mechanism.  I've cc-ed emacs-devel and
tramp-devel.

Logically the structure of the global authinfo would be:

entry:
 protocol-or-purpose: ['pop, 'imap, 'imaps, 'ssh, t]
  hardcoded: (:user "me" :password 'ask :cache 60)
  file: (:name "/a/b/c" :epg-parameters () :other-parameters ())
  command: (:program "/bin/true" :parameters ())

This is an initial idea, so don't get hung up on the format.  I
intentionally didn't specify it in Customize format.

If something like this already exists in Emacs, please let me know.

Ted

Re: global authinfo mechanism in Emacs, Gnus, Tramp

[Tom Tromey]

>>>>> "Ted" == Ted Zlatanov <tzz@lifelogs.com> writes:

Ted> I'm tired of specifying special variables for authentication everywhere
Ted> in Emacs and in Gnus.  I see a *lot* of questions about setting those
Ted> up in Gnus, as well, so I think we can do better.

Additionally it would be nice not to have to set the variables by hand
at all... Emacs could remember the passwords in a keyring.

Ted> entry:
Ted>  protocol-or-purpose: ['pop, 'imap, 'imaps, 'ssh, t]
Ted>   hardcoded: (:user "me" :password 'ask :cache 60)
Ted>   file: (:name "/a/b/c" :epg-parameters () :other-parameters ())
Ted>   command: (:program "/bin/true" :parameters ())

Gnome's keyring manager uses (more or less) an application-specified
alist and returns the best match.  That way different users of the
keyring can store the information they need there.

Tom

Re: global authinfo mechanism in Emacs, Gnus, Tramp

[Tom Tromey]

>>>>> "Ted" == Ted Zlatanov <tzz@lifelogs.com> writes:

Ted> Can Emacs ask the Gnome keyring manager over some protocol for a
Ted> user's authentication alist?

Emacs could either use the keyring API directly, or it could use a
helper program.  When I was toying with keyring stuff I went the
latter route.  I can send 'ekeyring.c' (and 'keyring.el' for that
matter) if you want it.

FWIW the hard part about this project is just going through all the
existing elisp and wiring it up to the keyring.

Tom

Re: global authinfo mechanism in Emacs, Gnus, Tramp

[Ted Zlatanov]

On Thu, 28 Feb 2008 09:12:04 -0700 Tom Tromey <tromey@redhat.com> wrote: 

>>>>>> "Ted" == Ted Zlatanov <tzz@lifelogs.com> writes:

Ted> entry:
Ted> protocol-or-purpose: ['pop, 'imap, 'imaps, 'ssh, t]
Ted> hardcoded: (:user "me" :password 'ask :cache 60)
Ted> file: (:name "/a/b/c" :epg-parameters () :other-parameters ())
Ted> command: (:program "/bin/true" :parameters ())

Tom> Gnome's keyring manager uses (more or less) an application-specified
Tom> alist and returns the best match.  That way different users of the
Tom> keyring can store the information they need there.

Can Emacs ask the Gnome keyring manager over some protocol for a user's
authentication alist?  That would be great for those who use Gnome.
Sorry, I'm not one of them so I don't know the protocols and data
formats available.

Ted

Re: global authinfo mechanism in Emacs, Gnus, Tramp

[Ted Zlatanov]

On Thu, 28 Feb 2008 10:48:33 -0700 Tom Tromey <tromey@redhat.com> wrote: 

>>>>>> "Ted" == Ted Zlatanov <tzz@lifelogs.com> writes:
Ted> Can Emacs ask the Gnome keyring manager over some protocol for a
Ted> user's authentication alist?

Tom> Emacs could either use the keyring API directly, or it could use a
Tom> helper program.  When I was toying with keyring stuff I went the
Tom> latter route.  I can send 'ekeyring.c' (and 'keyring.el' for that
Tom> matter) if you want it.

Tom> FWIW the hard part about this project is just going through all the
Tom> existing elisp and wiring it up to the keyring.

Agreed.  I'll write some code for this authinfo/keyring functionality
when I get a chance; I just needed to know if the Gnome keyring
integration was feasible.  I'll start with Gnus which I know best and
then propose my changes for use in other Emacs packages.

Ted