mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-07-21 18:24:49 +00:00
man: clarify plain text secrets in keyfile
parent
a47c48fd84
commit
46dc919e68
|
@ -1134,10 +1134,12 @@ enable=nm-version-min:1.3,nm-version-min:1.2.6,nm-version-min:1.0.16
|
|||
<filename>/etc/NetworkManager/system-connections</filename>.
|
||||
</para>
|
||||
<para>
|
||||
The stored connection file may contain passwords and
|
||||
private keys, so it will be made readable only to root,
|
||||
and the plugin will ignore files that are readable or
|
||||
writable by any user or group other than root.
|
||||
The stored connection file may contain passwords, secrets and
|
||||
private keys in plain text, so it will be made readable only to
|
||||
root, and the plugin will ignore files that are readable or
|
||||
writable by any user or group other than root. See "Secret flag types"
|
||||
in <link linkend='nm-settings'><citerefentry><refentrytitle>nm-settings</refentrytitle><manvolnum>5</manvolnum></citerefentry></link>
|
||||
for how to avoid storing passwords in plain text.
|
||||
</para>
|
||||
<para>
|
||||
This plugin is always active, and will automatically be
|
||||
|
|
|
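Review bot: The added pointer "for how to avoid storing passwords in plain text" covers only passwords, while the sentence just before it now warns about "passwords, secrets and private keys in plain text". Suggest "for how to avoid storing secrets in plain text", or say explicitly whether the flags also apply to private keys, so an administrator reading this does not assume key material is covered when it may not be. The reference also names its target by the quoted title "Secret flag types", which goes stale silently if that title is reworded; the second hunk shows the section has id="secrets-flags", so point the link at that id if the documentation build can resolve it across pages.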
@ -87,13 +87,18 @@
|
|||
<refsect2 id="secrets-flags">
|
||||
<title>Secret flag types:</title>
|
||||
<para>
|
||||
Each secret property in a setting has an associated <emphasis>flags</emphasis> property
|
||||
Each password or secret property in a setting has an associated <emphasis>flags</emphasis> property
|
||||
that describes how to handle that secret. The <emphasis>flags</emphasis> property is a bitfield
|
||||
that contains zero or more of the following values logically OR-ed together.
|
||||
</para>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>0x0 (none) - the system is responsible for providing and storing this secret.</para>
|
||||
<para>0x0 (none) - the system is responsible for providing and storing this secret. This
|
||||
may be required so that secrets are already available before the user logs in.
|
||||
It also commonly means that the secret will be stored in plain text on disk, accessible
|
||||
to root only. For example via the keyfile settings plugin as described in the "PLUGINS" section
|
||||
in <link linkend='NetworkManager.conf'><citerefentry><refentrytitle>NetworkManager.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></link>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>0x1 (agent-owned) - a user-session secret agent is responsible for providing and storing
|
||||
|
|
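Review bot: In the new 0x0 (none) text, "For example via the keyfile settings plugin as described in the "PLUGINS" section" is a sentence fragment; join it to the preceding sentence, for instance "..., accessible to root only, for example via the keyfile settings plugin as described in ...". The phrase "It also commonly means" leaves open when a system-owned secret is not written in plain text. Since the NetworkManager.conf text in this commit now sends readers to this section to learn how to avoid plain-text storage, this item should say that the other flag values in the list are how to do that, rather than leaving it implied.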