From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Ted Zlatanov <tzz@lifelogs.com>
Newsgroups: gmane.emacs.devel
Subject: Re: can emacs use the mac os x keychain?
Date: Fri, 30 Jul 2010 08:24:28 -0500
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
Message-ID: <87sk31nlv7.fsf@lifelogs.com>
References: <370a1897-25aa-418f-9631-1570dfa99de3@z7g2000yqb.googlegroups.com>
	<barmar-C56D33.00021721042010@news.eternal-september.org>
	<87633kaess.fsf@lifelogs.com>
	<8d7c78ee-6ba8-448a-8f86-3d585e1af77f@u32g2000vbc.googlegroups.com>
	<87vd8z2myy.fsf@lifelogs.com>
	<01ea3506-d715-491d-b360-3abf34e98013@i31g2000yqm.googlegroups.com>
	<87r5iq1hjk.fsf@lifelogs.com> <871vanu08g.fsf@lifelogs.com>
	<wlocdpltct.wl%mituharu@math.s.chiba-u.ac.jp>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: dough.gmane.org 1280496303 6104 80.91.229.12 (30 Jul 2010 13:25:03 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Fri, 30 Jul 2010 13:25:03 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Jul 30 15:25:02 2010
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1OepaA-00043m-4d
	for ged-emacs-devel@m.gmane.org; Fri, 30 Jul 2010 15:25:02 +0200
Original-Received: from localhost ([127.0.0.1]:54610 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1Oepa9-0004fT-CL
	for ged-emacs-devel@m.gmane.org; Fri, 30 Jul 2010 09:25:01 -0400
Original-Received: from [140.186.70.92] (port=47013 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Oepa1-0004do-BI
	for emacs-devel@gnu.org; Fri, 30 Jul 2010 09:24:54 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1OepZz-000332-VN
	for emacs-devel@gnu.org; Fri, 30 Jul 2010 09:24:53 -0400
Original-Received: from lo.gmane.org ([80.91.229.12]:52469)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1OepZz-00032n-If
	for emacs-devel@gnu.org; Fri, 30 Jul 2010 09:24:51 -0400
Original-Received: from list by lo.gmane.org with local (Exim 4.69)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1OepZu-0003vp-KG
	for emacs-devel@gnu.org; Fri, 30 Jul 2010 15:24:46 +0200
Original-Received: from 38.98.147.130 ([38.98.147.130])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Fri, 30 Jul 2010 15:24:46 +0200
Original-Received: from tzz by 38.98.147.130 with local (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Fri, 30 Jul 2010 15:24:46 +0200
X-Injected-Via-Gmane: http://gmane.org/
Original-Lines: 33
Original-X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: 38.98.147.130
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
	d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
	D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/24.0.50 (gnu/linux)
Cancel-Lock: sha1:5FVNV5bqyoVSDk/oJg3PP4x12Ko=
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:128016
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/128016>

On Fri, 30 Jul 2010 09:13:22 +0900 YAMAMOTO Mitsuharu <mituharu@math.s.chiba-u.ac.jp> wrote: 

>>>>>> On Wed, 28 Jul 2010 09:53:03 -0500, Ted Zlatanov <tzz@lifelogs.com> said:
>> Adrian, is there any chance that the NS Emacs port can provide those
>> keychain functions through an ELisp layer?  It would make it easier
>> and more secure to get user passwords, plus users wouldn't need to
>> install the helper program.

YM> Mac OS X 10.3 or later comes with a command line interface
YM> /usr/bin/security for keychains.  Did you try it?  Or do you mean it
YM> was not sufficient with respect to functionality or security?

YM> A merit of the use of an external program is that we can use it
YM> regardless of several builds on the platform including TTY-only and
YM> X11.

I didn't know about this helper app.  Thank you for mentioning it.  I
expected to have to write a special one (see the original post in this
thread).  If it pops up the GUI dialog when possible, it's sufficient in
terms of UI functionality, but we also have to worry about X11 and TTY
modes (and what if you log in remotely over SSH?).

If /usr/bin/security can handle regular and internet keychains (the two
types David Reitter mentioned) then it's sufficient in terms of backend
functionality.  I don't think it can ever be as secure, however, as a
direct C call, so for security I'd rather use direct C calls if that's
an option.

I am far from expert on Mac OS X issues so I'll go with whatever you,
David Reitter, and Adrian Robert (and other experts on that platform)
decide.

Ted