[Telepathy] Storing passwords in MC and regsitering new accounts.
David Edmundson
david at davidedmundson.co.uk
Sun Oct 2 04:18:01 PDT 2011
On Sun, Oct 2, 2011 at 7:44 AM, Xavier Claessens <xclaesse at gmail.com> wrote:
> Le dimanche 02 octobre 2011 à 13:12 +1100, Danielle Madeley a écrit :
>> Hi Dave,
>>
>> On Fri, 2011-09-30 at 16:28 +0100, David Edmundson wrote:
>> > Apparently storing passwords in mission control is deprecated. So we
>> > (in KDE Telepathy) have replaced it with storing the passwords with
>> > taking any 'password' parameter and placing it in KWallet.
>>
>> > We've taken this to mean we should not pass any "password" parameters
>> > to MC. Is this correct?
>> > If we do pass them our users (potentially) get bombarded with dialogs
>> > for gnome-keyring, and the password gets stored in two places.
>>
>> The correct mechanism is to create a handler for the SASL auth channel
>> type that implements the X-TELEPATHY-PASSWORD method. You can then
>> provide your own authentication dialog, and save the password wherever
>> you wish (i.e. KWallet). When a Connection Manager requires a password,
>> it will create one of these channels, and you can either provide the
>> password from KWallet or prompt for it.
>>
>> Eventually the 'password' parameter will be deprecated and then
>> eventually removed from all CMs.
>>
That's what we're now doing - good to know we're on the right thing.
I don't think I explained my problem well enough - when we're creating
a telepathy account to connect to an existing jabber account that all
works fine.
However, when I'm creating a new telepathy account that registers a
new account on the server (to use the same terminology as Empathy
"Create a new account" rather than "use an existing account") the
password _needs_ to be sent as a parameter.
Relevant output from gabble.
(telepathy-gabble:3103): tp-glib-DEBUG: started version 0.12.0
(telepathy-glib version 0.15.5)
(telepathy-gabble:3103): tp-glib/params-DEBUG:
tp_base_protocol_sanitize_parameters: using specified value for
account: "temp11 at localhost"
(telepathy-gabble:3103): tp-glib/params-DEBUG:
tp_base_protocol_sanitize_parameters: missing mandatory account
parameter password
..but I've been told I want to avoid sending any password parameters,
because otherwise MC will try and store them and I have my
gnome-keyring mess.
>> Take a look at 'empathy-auth-client' and
>> http://telepathy.freedesktop.org/spec/Channel_Interface_SASL_Authentication.html
>
> Note that not all accounts support password authentification. Now
> xmpp.messenger.live.com accepts only access-token. So your SASL handler
> will have to display a LiveConnect webpage to get that token instead of
> using KWallet to get a password.
>
> Telling this because gabble and empathy were previously assuming the
> X-TELEPATHY-PASSWORD was always present (reported bug with patch to fix
> this).
>
> Regards,
> Xavier Claessens.
>
>
>
More information about the telepathy
mailing list