No Option To Save Group Password

I too desire this functionality... Many times the group password is static, but the user password changes, so saving them BOTH is not very useful.

I'd go one better -- when you import the .pcf file, it ought to fish out the group password and store it as part of its configuration, along with the connection name, gateway, etc. This would make it act more like the real Cisco client (on Windows).

I'm confirming this since it is in fact a problem, as the other comments have shown. I'm also assigning this to MOTU (I hope I did it correctly!) since I'm applying a patch to fix this, so I want to make sure they see it.

Here's the deal. Not having the patch was too annoying for me to live with, so I downloaded the Fedora patch and applied it against the version of network-manager-vpnc that Feisty ships. It works, and it's awesome to have this feature now. The patch will be in the upstream 0.7.0 release (and may even be in 0.6.5 -- I haven't checked). I'd imagine that Gutsy will ship with that release, and consequently the release of Gutsy will effectively close this bug. Nonetheless, I found that without this patch, network-manager-vpnc is _totally_ unusable for me, and I have to run vpnc in the background manually since that is capable of saving the group password. If it was up to me, I'd backport this fix to Feisty :-) In case some kindly developer wants to do that, I'm attaching my Debianified patch here (i.e. the patch resulting from applying the Fedora patch in a cdbs-edit-patch environment) so that someone can fix this heinous bug.

Also confirming this is significant problem for me.

My employer uses a long string of random characters as the group secret and provides a SecurId card for logging in.

I know there's a couple more weeks left until Gutsy is officially out, but as of today (Oct. 1, 2007) network-manager-vpnc is still at 0.6.4svn2422. I am hoping 0.7 will be included in the repositories, as this bug is pretty annoying.

I too use multi-factor authentication (SecurID and SafeWord Premier) and wish there was a save group password function as well.

Same problem here. I need to just save group password, and not user password. I dont want to hunt for my group password whenever I need to log in.

Current workaround that I am using is:
Login successfully once by entering manually the userpassword and grouppassword, and ask for both passwords to be saved in ring(unchecking the session save thing).

The next time when you try to connect to vpnc, vpnc tries to connect using this pair, which obviously fails. Try re-connecting immediately after failure. This time, the dialog pops up with the last saved user/group password. Change just the user password and login successfully.

You will be an eye-sore to the admin when he goes though vpn log, but I think he will be happier to know that you haven't left the group password in the clear somewhere to use everytime you log in.

I've repackaged network-manager-vpnc to include the patch from Fedora. Hopefully it follows all of the guidelines set forth in the PPAQuickGuide and the Packaging Guide. I think it does.

Anyway, here it is, up on my PPA:
https://launchpad.net/~mathieu-tl/+archive

network-manager-vpnc, can be installed the usual way by adding the lines to sources.list and using apt-get update and then apt-get install network-manager-vpnc. Hopefully this won't only be useful to me :)

Attached the debdiff file for the fix.

Upstream bug is #363918. New proposed patch couldn't be applied to 0.6.4svn2422 as it is in Gutsy.

Sorry, bug spam necessary because of bug 176085.

This bug has a patch attached, which needs review and sponsoring.

Thanks for the debdiff. Unfortunately, this cannot be uploaded to hardy in the current state. Please adjust the patch as follows: 1) Move the patch itself into debian/patches; 2) set the version to "0.6.4svn2422-0ubuntu4" (no PPA); 3) set the target (immediately after the version in the changelog) to hardy instead of gutsy. I've unsubscribed ubuntu-universe-sponsors pending these changes. Please resubscribe when they are complete.

I've updated the debdiff with the suggestions from Emmet Hikory.
- patch in debian/patches (it was already there... unless this is about something else? the file is 03_fix_bug_91964_save_group_password.diff.)
- set the version : 0.6.4svn2422-0ubuntu4 in this debdiff.
- target changed to hardy.

See attached debdiff.

Uploaded. Thanks.

This bug was fixed in the package network-manager-vpnc - 0.6.4svn2422-0ubuntu4

---------------
network-manager-vpnc (0.6.4svn2422-0ubuntu4) hardy; urgency=low

  * Applied patch for bug #363918: option to save group password (LP: #91964)

 -- Mathieu Trudel <email address hidden> Sun, 16 Dec 2007 12:27:50 -0500

I didn't try this new version, I don't know what this patch do exactly but :

With 0.6.4svn2422-0ubuntu3 :

I import a pcf file. The password is obfusced. That's not a problem for my vpnc : IPSec obfuscated secret [the secret string]

But here, network-manager-vpnc ask me my group password ! But I'm not supposed to know it (but I cracked it). So I can't use it.

Is this patch a correction for this issue ?

Unfortunately not. So far, there seems to be no code to handle writing a saved group password (or user password) in an "exported" pcf file from network-manager-vpnc, nor is there code to retrieve the group password from a pcf file. The only thing that changed is to allow network-manager-vpnc to save the group password entered in the authorization dialog into the password manager.

This bug is still present... I would really love to be able to import .pcf files with the group password set. I can't use Cisco VPN with nm-applet otherwise, and I don't want to have to tell all of our Ubuntu users here that they need to use the command-line client.

This is fixed, unless you have something else in mind. Here's how it works. When you connect to the VPN entry for the first time, you are presented with three options:

1. save passwords for this session (leave unchecked if you use one time passwords).
2. save passwords in keyring (leave unchecked if you use one time passwords).
3. save group password in keyring (check this one)

From that point on, any time you connect in the future, your group password will be saved... and you will be prompted to enter a password. If you're not being prompted to use a password, then you may have one saved in the keyring.

Go to Applications, Accessories, Passwords and Encryption Keys, and click on the far right tab of "passwords". You should see only one entry with the name of your VPN connection and at the tail end it should say "group_password". If you have any VPN related entry other than that for the group password, remove it, and educate your users not to save the password to the keyring when connecting.

I just upgraded to 8.10 RC and the 0.7.0 network manager + vpnc is definitely missing the 'save group password in the keyring' option. This was working before my upgrade in hardy yesterday.

Can someone make sure that the patch is ported to the version of nm and vpnc in the ibex repository?

This is REALLY important for me as i use this machine for daily work via the vpn!

Thanks,Troy

This is definitely a regression. I submitted a bug report here.

http://bugzilla.gnome.org/show_bug.cgi?id=558331

I really hope this can be fixed ASAP and packaged for Intrepid, ASAP.

Gilbert, bonin5,

Please look at bug 262191, which specifically addresses this regression. Sadly, it's too late for it to make it into Intrepid with the release today, but I may be fixed in a SRU at a later point.

Matt,

Thanks for the reply. I can live with the inconvenience for a while
(just like in hardy). Hopefully soon it will get corrected.

Troy

On Thu, 2008-10-30 at 14:40 +0000, Matt Trudel wrote:
> Gilbert, bonin5,
>
> Please look at bug 262191, which specifically addresses this regression.
> Sadly, it's too late for it to make it into Intrepid with the release
> today, but I may be fixed in a SRU at a later point.
>

What's the plan on getting this fix into intrepid? Seems that everyone agrees it is a known and severe functionality problem and there is a patch to fix it. What's the hold up?

Richard - I agree with ya. I use this daily to vpn into our corp net.

*patiently waiting*

Thanks,Troy

On Wed, 2009-02-18 at 15:58 +0000, Richard Lee wrote:
> What's the plan on getting this fix into intrepid? Seems that everyone
> agrees it is a known and severe functionality problem and there is a
> patch to fix it. What's the hold up?
>

Today I got an apt update that has the fix in it! Hurrah! Thx!

You can now set either the user or group password to ask every time or be remembered or be ignored.

For those with the obfuscated group password needing to know the group password - download & build the deobfuscator available from http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode