author | Thomas Haller <thaller@redhat.com> | 2017-09-28 17:29:45 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2017-09-28 17:56:49 +0200 |
commit | 46dc919e687992aac16d3038fe6b4e8c4474a10d (patch) | |
tree | 0a45ead672280a11aa725968fdb37b54f863e1e6 /man | |
parent | a47c48fd84e2561bad93f9e4f12fece7347ae5b5 (diff) | |
download | NetworkManager-46dc919e687992aac16d3038fe6b4e8c4474a10d.tar.gz |
man: clarify plain text secrets in keyfile
Diffstat (limited to 'man')
-rw-r--r-- | man/NetworkManager.conf.xml | 10 | ||||
-rw-r--r-- | man/nm-settings.xsl | 9 |
2 files changed, 13 insertions, 6 deletions
diff --git a/man/NetworkManager.conf.xml b/man/NetworkManager.conf.xml index d9d5afcf96..248d6fb8d2 100644 --- a/man/NetworkManager.conf.xml +++ b/man/NetworkManager.conf.xml @@ -1134,10 +1134,12 @@ enable=nm-version-min:1.3,nm-version-min:1.2.6,nm-version-min:1.0.16 <filename>/etc/NetworkManager/system-connections</filename>. </para> <para> - The stored connection file may contain passwords and - private keys, so it will be made readable only to root, - and the plugin will ignore files that are readable or - writable by any user or group other than root. + The stored connection file may contain passwords, secrets and + private keys in plain text, so it will be made readable only to + root, and the plugin will ignore files that are readable or + writable by any user or group other than root. See "Secret flag types" + in <link linkend='nm-settings'><citerefentry><refentrytitle>nm-settings</refentrytitle><manvolnum>5</manvolnum></citerefentry></link> + for how to avoid storing passwords in plain text. </para> <para> This plugin is always active, and will automatically be diff --git a/man/nm-settings.xsl b/man/nm-settings.xsl index 36fb82885f..57d5ce41cf 100644 --- a/man/nm-settings.xsl +++ b/man/nm-settings.xsl 
@@ -87,13 +87,18 @@ <refsect2 id="secrets-flags"> <title>Secret flag types:</title> <para> - Each secret property in a setting has an associated <emphasis>flags</emphasis> property + Each password or secret property in a setting has an associated <emphasis>flags</emphasis> property that describes how to handle that secret. The <emphasis>flags</emphasis> property is a bitfield that contains zero or more of the following values logically OR-ed together. </para> <itemizedlist> <listitem> - <para>0x0 (none) - the system is responsible for providing and storing this secret.</para> + <para>0x0 (none) - the system is responsible for providing and storing this secret. This + may be required so that secrets are already available before the user logs in. + It also commonly means that the secret will be stored in plain text on disk, accessible + to root only. For example via the keyfile settings plugin as described in the "PLUGINS" section + in <link linkend='NetworkManager.conf'><citerefentry><refentrytitle>NetworkManager.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></link>. + </para> </listitem> <listitem> <para>0x1 (agent-owned) - a user-session secret agent is responsible for providing and storing |
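Review bot: In the man/NetworkManager.conf.xml hunk, the added closing sentence promises "how to avoid storing passwords in plain text", but the sentence just before it now lists "passwords, secrets and private keys in plain text". The pointer should cover the same set, for example "for how to avoid storing secrets in plain text", otherwise it reads as if private keys and other secrets have no alternative. The section is also cited by its quoted title while the link targets nm-settings as a whole; nm-settings.xsl gives that section id="secrets-flags", so consider whether the link can point there so the reference survives a title change.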
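Review bot: In the man/nm-settings.xsl hunk, the new text under 0x0 (none) ends in a fragment with no verb, "For example via the keyfile settings plugin as described in the "PLUGINS" section"; attach it to the preceding sentence ("... accessible to root only, for example via the keyfile settings plugin ..."). NetworkManager.conf.xml now sends readers to this section for how to avoid plain text storage, yet the added text only says that 0x0 commonly means plain text on disk and never states which flag avoids it; one sentence pointing at the values that follow, such as 0x1 (agent-owned), would close that loop. The opening sentence also changes to "Each password or secret property" while the rest of the paragraph keeps "that secret", so the wording is no longer parallel.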