[vlc-devel] [PATCH] keystore: always store to the memory keystore

Rémi Denis-Courmont remi at remlab.net
Tue Dec 15 16:42:07 CET 2020


Le mardi 15 décembre 2020, 17:01:37 EET Thomas Guillem a écrit :
> On Tue, Dec 15, 2020, at 15:50, Rémi Denis-Courmont wrote:
> > Le mardi 15 décembre 2020, 14:03:04 EET Thomas Guillem a écrit :
> > > The memory keystore was never used if the system keystore was
> > > 
> > > functional. This caused several issue:
> > >  - No caching of the system keystore (slower)
> > >  - Guest account always tried in the first place on some access modules
> > >  
> > >    (mainly SMB ones).
> > 
> > Both of those alleged issues seem like intended behaviour, also not
> > related, and with the later not a core concern.
> 
> And yet, it's very hard to fix the Guest connection issue inside a module.

Still, the core has zero notion of what is a guest account. That's a protocol-
specific thing, and it does not seem like it should even involve account 
management, since a guest account is a non-account.

Indeed, the password manager is not necessary for anonymous FTP login, or for 
not using HTTP authentication.

> Indeed, requesting the system keystore can cause a user interaction (enter a
> passphrase, pin, fingerprint), that is why it is requested after the second
> try. So if the memory keystore is not used, you won't be able to get the
> last saved credential on the first try.
> 
> As a result, when browsing smb2, you will always try to connect to the Guest
> account first, then use the user one.
> > And it's not clear from the description how cache maintenance (cleaning
> > and
> > invalidation) would work.
> 
> The memory keystore can't be cleared for now.

So don't use a cache.

> It's easy to implement but it needs a new UI and a libvlc API.

I don't think the user should have to learn about how and when to clear the 
credential cache of an application, and the VLC GUI is plenty cluttered enough 
as it is.

If you can't invalidate the cache, don't use a cache.

> When logging with gnome nautilus on network shares, it is not possible to
> clear the cache

That sounds like a bug in GNOME and I don't want to copy GNOME bugs.
o
-- 
Rémi Denis-Courmont




More information about the vlc-devel mailing list