Re: can emacs use the mac os x keychain?

all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: Ted Zlatanov <tzz@lifelogs.com>
To: emacs-devel@gnu.org
Subject: Re: can emacs use the mac os x keychain?
Date: Thu, 29 Jul 2010 15:33:04 -0500	[thread overview]
Message-ID: <878w4uowov.fsf@lifelogs.com> (raw)
In-Reply-To: E08AA7AC-445E-4EBF-87F2-CD3D4E241156@gmail.com

On Thu, 29 Jul 2010 14:52:14 -0400 David Reitter <david.reitter@gmail.com> wrote: 

DR> On Jul 29, 2010, at 9:17 AM, Ted Zlatanov wrote:
>> 
AR> A useful-sounding idea but seems mainly like something that would be
AR> a third-party package or maybe part of Aquamacs.  Are there any
AR> platform-independent parts of the needed functionality that the NS
AR> port lacks and Emacs on X11 or W32 has?
>> 
DR> ...
>> Assuming we get the NS port access to the Mac OS X keychain, that leaves
>> W32 as the only major platform lacking keychain support.  I don't
>> believe W32 has a standard keychain so that may be OK.

DR> I principle, the C part would be fairly simple.  There are separate
DR> functions for "internet passwords", which retrieve and store
DR> passwords for a host/port/account combination.

DR> Am I right assuming that we would need an API paralleling that
DR> provided by secrets.el?

It can be different.  auth-source.el folds the various backends under a
common interface, so I think it's best to provide simple mappings to the
underlying calls and let auth-source.el worry about the rest.  The
internet keychain calls, for instance, should be separated.

DR> There are a few issues as far as I can see:

DR> - The user is prompted via a graphical dialog to unlock a keychain
DR> (i.e., to provide a password protecting all the passwords).  When in
DR> TTY, we shouldn't do this, but unlock the keychain ourselves, i.e.,
DR> read a password from the user via a (password) minibuffer.  This
DR> sort of interaction would have to be handled by an extra Lisp layer.
DR> (Once the application is trusted, this prompt would go away.)  How
DR> is this done in GNOME?

IMHO it's acceptable to unlock only from the GUI but I'm not opposed to
what you describe.  GNOME's Seahorse works only in X, not in the TTY.

DR> - Any passwords that we obtain would probably have to be copied so
DR> we can return them as a Lisp string.  What provisions are in place
DR> in order to protect the copy and guarantee its deletion after use?

None from auth-source.el.  I don't know if ELisp has any variable tags
to do this protection but looking at the manual, I don't believe so.

Ted

next prev parent reply	other threads:[~2010-07-29 20:33 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-04-21  1:55 can emacs use the mac os x keychain? vm user
2010-04-21  4:02 ` Barry Margolin
2010-04-21 17:36   ` Ted Zlatanov
2010-04-22  0:58     ` Barry Margolin
2010-04-23  2:18     ` vm user
     [not found]       ` <87vd8z2myy.fsf@lifelogs.com>
2010-07-25  3:36         ` vm user
2010-07-26 13:47           ` Ted Zlatanov
2010-07-26 14:47             ` Uday S Reddy
2010-07-26 19:32               ` auth-source multiple accounts (was: can emacs use the mac os x keychain?) Ted Zlatanov
     [not found]               ` <87630211kx.fsf_-_@lifelogs.com>
2010-07-26 21:21                 ` auth-source multiple accounts Uday S Reddy
2010-07-27 14:06                   ` Ted Zlatanov
2010-07-27 17:19                     ` Uday S Reddy
2010-07-27 17:59                       ` Ted Zlatanov
2010-07-27 21:35                         ` Uday S Reddy
     [not found]                           ` <87y6cvu53t.fsf@lifelogs.com>
2010-07-28 21:39                             ` Uday S Reddy
2010-10-27 13:18                               ` Ted Zlatanov
2011-02-14 22:15                               ` Ted Zlatanov
2010-07-28 14:53             ` can emacs use the mac os x keychain? Ted Zlatanov
2010-07-29  4:31               ` Adrian Robert
2010-07-29 13:01                 ` Stefan Monnier
2010-07-30  9:17                   ` Richard Stallman
2010-07-30 10:37                     ` Stuart Hacking
2010-07-31  9:57                       ` Richard Stallman
2010-07-30 13:30                     ` Ted Zlatanov
2010-07-29 13:17                 ` Ted Zlatanov
2010-07-29 18:52                   ` David Reitter
2010-07-29 20:33                     ` Ted Zlatanov [this message]
2010-07-30  0:13               ` YAMAMOTO Mitsuharu
2010-07-30 13:24                 ` Ted Zlatanov
2010-08-01  1:44                   ` YAMAMOTO Mitsuharu
2010-08-01  2:53                     ` Ted Zlatanov
2010-07-25 20:09         ` Uday S Reddy
2010-07-25 20:04       ` Uday S Reddy
2010-07-26  2:23         ` vm user

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=878w4uowov.fsf@lifelogs.com \
    --to=tzz@lifelogs.com \
    --cc=emacs-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.