mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-15 04:24:32 +00:00
man: clarify plain text secrets in keyfile
parent
a47c48fd84
commit
46dc919e68
|
@ -1134,10 +1134,12 @@ enable=nm-version-min:1.3,nm-version-min:1.2.6,nm-version-min:1.0.16
|
||||||
<filename>/etc/NetworkManager/system-connections</filename>.
|
<filename>/etc/NetworkManager/system-connections</filename>.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
The stored connection file may contain passwords and
|
The stored connection file may contain passwords, secrets and
|
||||||
private keys, so it will be made readable only to root,
|
private keys in plain text, so it will be made readable only to
|
||||||
and the plugin will ignore files that are readable or
|
root, and the plugin will ignore files that are readable or
|
||||||
writable by any user or group other than root.
|
writable by any user or group other than root. See "Secret flag types"
|
||||||
|
in <link linkend='nm-settings'><citerefentry><refentrytitle>nm-settings</refentrytitle><manvolnum>5</manvolnum></citerefentry></link>
|
||||||
|
for how to avoid storing passwords in plain text.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
This plugin is always active, and will automatically be
|
This plugin is always active, and will automatically be
|
||||||
|
|
|
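Review bot: The new closing sentence says "for how to avoid storing passwords in plain text", while the sentence it qualifies now lists "passwords, secrets and private keys in plain text"; the cross-reference should use the same scope (for example "secrets") so readers do not assume that only passwords are affected. The section is also referenced by its quoted title, "Secret flag types", although the target refsect2 carries id="secrets-flags"; if cross-document ids resolve in this build, linking to that id would survive a later retitling. Separately, "passwords, secrets and private keys" is partly redundant, since passwords are secrets; "passwords and other secrets, and private keys" reads more cleanly.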
@ -87,13 +87,18 @@
|
||||||
<refsect2 id="secrets-flags">
|
<refsect2 id="secrets-flags">
|
||||||
<title>Secret flag types:</title>
|
<title>Secret flag types:</title>
|
||||||
<para>
|
<para>
|
||||||
Each secret property in a setting has an associated <emphasis>flags</emphasis> property
|
Each password or secret property in a setting has an associated <emphasis>flags</emphasis> property
|
||||||
that describes how to handle that secret. The <emphasis>flags</emphasis> property is a bitfield
|
that describes how to handle that secret. The <emphasis>flags</emphasis> property is a bitfield
|
||||||
that contains zero or more of the following values logically OR-ed together.
|
that contains zero or more of the following values logically OR-ed together.
|
||||||
</para>
|
</para>
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>0x0 (none) - the system is responsible for providing and storing this secret.</para>
|
<para>0x0 (none) - the system is responsible for providing and storing this secret. This
|
||||||
|
may be required so that secrets are already available before the user logs in.
|
||||||
|
It also commonly means that the secret will be stored in plain text on disk, accessible
|
||||||
|
to root only. For example via the keyfile settings plugin as described in the "PLUGINS" section
|
||||||
|
in <link linkend='NetworkManager.conf'><citerefentry><refentrytitle>NetworkManager.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></link>.
|
||||||
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>0x1 (agent-owned) - a user-session secret agent is responsible for providing and storing
|
<para>0x1 (agent-owned) - a user-session secret agent is responsible for providing and storing
|
||||||
|
|
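Review bot: In the added text for 0x0 (none), "For example via the keyfile settings plugin as described in the "PLUGINS" section ..." is a sentence fragment; join it to the preceding sentence ("... accessible to root only, for example via the keyfile settings plugin ..."). More importantly, NetworkManager.conf(5) now sends readers here "for how to avoid storing passwords in plain text", but the added lines only state that 0x0 commonly results in plain text on disk; they never say which flag value to choose instead. Add one sentence to this item that names the alternative explicitly, such as the 0x1 (agent-owned) entry that follows, and state the trade-off already noted here: that the secret is then not available before the user logs in.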