[ANN] Encrypted Credential Store for Windows

Gordon Tyler gordon at doxxx.net
Sat Jan 29 17:26:10 UTC 2011



On 1/29/2011 9:45 AM, Jelmer Vernooij wrote:
> On Sat, 2011-01-29 at 09:41 -0500, Gordon Tyler wrote:
>> On 1/29/2011 9:06 AM, Jelmer Vernooij wrote:
>>> I'm wondering how much work there is to do to support caching of (known
>>> valid) credentials from within bzr core. I'd be very interested in
>>> implementing something like that for gnome-keyring.
>>
>> It would require a reworking of how credential stores are intended to be
>> used. Currently, they're not so much credential stores as encryption
>> methods for the password values in authentication.conf, which have a
>> little extra behaviour hacked onto them that ignores the password value
>> from authentication.conf and gets the password from another source. To
>> make it a proper credential store that can be written to would require
>> changing the contract a fair bit. Although, considering that there are
>> only two external implementations that I know of (mine and bzr-keychain)
>> it shouldn't cause too much disruption to change the way credential
>> stores work.
> Changing the contract is what I'm after though. I think it should be
> possible to change the contract in a way that doesn't require mandatory
> changes from the existing stores. It should always be possible for
> stores to not be able to store new credentials (such as the bzr-svn
> store).

The simplest would be to add an encode_password(credentials) function to
the base class, which by default does nothing and subclasses can
override it as appropriate.

> There are more external implementations btw. There's also gnome-keyring
> (part of bzr-gtk) and the fallback credentials store that's part of
> bzr-svn.

I should probably implement the fallback on my plugin too, so that users
don't have to modify authentication.conf to map particular hosts/etc. to
wincrypt.

Ciao,
Gordon

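An added sketch of the contract change proposed in this message (not code from bzr, its plugins, or either poster): encode_password() defaults to a no-op so existing stores need no changes, and a caller caches credentials only when the store returns an encoded value. Only decode_password and encode_password are named in the thread; the class names, cache_credentials and the dict standing in for a protected keyring are assumptions.

```python
import secrets


class CredentialStore:
    """Base contract: decoding is mandatory, encoding is an optional hook."""

    def decode_password(self, credentials):
        raise NotImplementedError(self.decode_password)

    def encode_password(self, credentials):
        # Proposed default: do nothing, so existing stores keep working.
        return None


class ReadOnlyStore(CredentialStore):
    """Hypothetical store that can look passwords up but not save new ones."""

    def __init__(self, known):
        self._known = dict(known)

    def decode_password(self, credentials):
        return self._known[credentials["host"]]


class VaultStore(CredentialStore):
    """Hypothetical writable store; the dict stands in for an OS keyring."""

    def __init__(self):
        self._vault = {}

    def encode_password(self, credentials):
        token = secrets.token_hex(8)
        self._vault[token] = credentials["password"]
        return token  # opaque reference; the secret stays out of the config

    def decode_password(self, credentials):
        return self._vault[credentials["password"]]


def cache_credentials(store, config, credentials):
    """Persist known-valid credentials only if the store supports writing."""
    encoded = store.encode_password(credentials)
    if encoded is None:
        return False  # store opted out; do not fall back to plaintext
    config[credentials["host"]] = {"user": credentials["user"],
                                   "password": encoded}
    return True
```
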


