[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Patch to g-auth



Hi Raman,

I've recently switched to using googles 2-step authentication. This
caused some challenges when it came to using greader. I've attached a
small patch for the g-auth.el file which adds support for storing your
credentials in .authinfo.gpg/.authinfo using the auth-source library
which is now bundled with emacs (at least with emacs 24). I thought
you might find it useful in possibly adding such functionality to
g-client. I have only done the bare minimum I needed and it appears to
work, but you may know of better ways to implement the same
functionality.

Some background  ....

Google provides a 2-step authentication facility. When this facility
is enabled, logging into google requires both your password and a
one-time PIN, which google sends to you via your mobile phone. To
reduce the hassle, you can set a computer as trusted, in which case,
you will only have to provide the PIN once every 30 days.

This greatly increases security, but also presents some challenges. In
particular, how to handle applicaitons which need to login to your
google account, but which may not be interactive and which do not
support the ability to provide a PIN.

The solution google has provided is to also have a facility to setup
special application passwords. These passwords are auto-generated for
you and can be used on things like mobile devices and is how I have
setup my emacs g-client configuration. The passwords google generates
are quite strong, which means they are difficult to remember and quite
long i.e. 16 characters. This makes them a hassle to use in an
interactive manner.

The g-client sofware does provide the ability to store your greader
password in your .emacs file. However, the code doesn't actually use
this. Storing passwords in your .emacs file is a fairly unsafe
practice anyway. So, rather than just modify the code to use a
password stored in my .emacs file, I added a new function which would
use the Auth Source library to store and retrieve my user credentials
in my .authinfo.gpg file.

The function I've added is based on one from the docs for the library,
which was in turn taken from gnus. It is actually quite neat. The
function first looks for the user and secret in the authinfo file
using the host name as the search key (i.e. www.google.com). I've also
use the 'port' parameter of the authinfo file to store the google
service name i.e. 'reader'.

One of the nice things about the library is that it support the
ability to also prompt the user for their credentials if they are not
found in the file and then ask if you want to save them to the file.
This means that the first time you run greader, after failing to find
your credentials, it will prompt you for them and then ask if you want
them saved in your .authinfo.gpg file (you can also choose authinfo
i.e. unencrypted version).

I cannot guarantee this patch will work for everyone, but I suspect it
is a reasonable starting point!

Tim



-- 
Tim Cross

Attachment: g-auth.el.patch
Description: Binary data



If you have questions about this archive or had problems using it, please send mail to:

priestdo@cs.vassar.edu No Soliciting!

Emacspeak List Archive | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998 | Pre 1998

Emacspeak Files | Emacspeak Blog | Search the archive