2009-02-16 09:32:19 +00:00
|
|
|
\input texinfo @c -*-texinfo-*-
|
2009-03-03 04:20:40 +00:00
|
|
|
@setfilename ../../info/auth
|
2009-02-16 17:41:58 +00:00
|
|
|
@settitle Emacs auth-source Library @value{VERSION}
|
2009-02-16 09:32:19 +00:00
|
|
|
|
2009-08-29 00:27:12 +00:00
|
|
|
@set VERSION 0.2
|
2009-02-16 09:32:19 +00:00
|
|
|
|
|
|
|
@copying
|
|
|
|
This file describes the Emacs auth-source library.
|
|
|
|
|
2009-02-16 17:41:58 +00:00
|
|
|
Copyright @copyright{} 2008, 2009 Free Software Foundation, Inc.
|
2009-02-16 09:32:19 +00:00
|
|
|
|
|
|
|
@quotation
|
|
|
|
Permission is granted to copy, distribute and/or modify this document
|
|
|
|
under the terms of the GNU Free Documentation License, Version 1.3 or
|
|
|
|
any later version published by the Free Software Foundation; with no
|
|
|
|
Invariant Sections, with the Front-Cover texts being ``A GNU Manual,''
|
|
|
|
and with the Back-Cover Texts as in (a) below. A copy of the license
|
|
|
|
is included in the section entitled ``GNU Free Documentation License''
|
|
|
|
in the Emacs manual.
|
|
|
|
|
|
|
|
(a) The FSF's Back-Cover Text is: ``You have the freedom to copy and
|
|
|
|
modify this GNU manual. Buying copies from the FSF supports it in
|
|
|
|
developing GNU and promoting software freedom.''
|
|
|
|
|
|
|
|
This document is part of a collection distributed under the GNU Free
|
|
|
|
Documentation License. If you want to distribute this document
|
|
|
|
separately from the collection, you can do so by adding a copy of the
|
|
|
|
license to the document, as described in section 6 of the license.
|
|
|
|
@end quotation
|
|
|
|
@end copying
|
|
|
|
|
2009-02-16 17:41:58 +00:00
|
|
|
@dircategory Emacs
|
|
|
|
@direntry
|
2009-04-02 06:59:17 +00:00
|
|
|
* Auth-source: (auth). The Emacs auth-source library.
|
2009-02-16 17:41:58 +00:00
|
|
|
@end direntry
|
2009-02-16 09:32:19 +00:00
|
|
|
|
|
|
|
@titlepage
|
|
|
|
@title Emacs auth-source Library
|
|
|
|
@author by Ted Zlatanov
|
|
|
|
@page
|
|
|
|
@vskip 0pt plus 1filll
|
|
|
|
@insertcopying
|
|
|
|
@end titlepage
|
|
|
|
|
2009-02-16 17:41:58 +00:00
|
|
|
@contents
|
2009-02-16 09:32:19 +00:00
|
|
|
|
2009-02-16 17:41:58 +00:00
|
|
|
@ifnottex
|
2009-02-16 09:32:19 +00:00
|
|
|
@node Top
|
|
|
|
@top Emacs auth-source
|
|
|
|
This manual describes the Emacs auth-source library.
|
|
|
|
|
|
|
|
It is a way for multiple applications to share a single configuration
|
|
|
|
(in Emacs and in files) for user convenience.
|
|
|
|
|
2009-02-16 17:41:58 +00:00
|
|
|
@insertcopying
|
|
|
|
|
2009-02-16 09:32:19 +00:00
|
|
|
@menu
|
|
|
|
* Overview:: Overview of the auth-source library.
|
|
|
|
* Help for users::
|
|
|
|
* Help for developers::
|
|
|
|
* Index::
|
|
|
|
* Function Index::
|
|
|
|
* Variable Index::
|
|
|
|
@end menu
|
2009-02-16 17:41:58 +00:00
|
|
|
@end ifnottex
|
2009-02-16 09:32:19 +00:00
|
|
|
|
|
|
|
@node Overview
|
|
|
|
@chapter Overview
|
|
|
|
|
2009-08-29 00:27:12 +00:00
|
|
|
The auth-source library is a modern, extensible, enterprise-class
|
|
|
|
authentication library. It uses the latest design patterns, has 1800
|
|
|
|
unit tests, and has been featured in 21 industry conference keynote
|
|
|
|
talks. It's future-proof, mathematically proven to be bug-free, and
|
|
|
|
has 6 internal XML parsers just in case you ever need to eat up some
|
|
|
|
memory.
|
|
|
|
|
|
|
|
Just kidding. The auth-source library is simply a way for Emacs and
|
|
|
|
Gnus, among others, to find the answer to the old burning question ``I
|
|
|
|
have a server name and a port, what are my user name and password?''
|
|
|
|
|
|
|
|
The auth-source library actually supports more than just the user name
|
|
|
|
(known as the login) or the password, but only those two are in use
|
|
|
|
today in Emacs or Gnus. Similarly, the auth-source library can in
|
|
|
|
theory support multiple storage formats, but currently it only
|
|
|
|
understands the classic ``netrc'' format, examples of which you can
|
|
|
|
see later in this document.
|
2009-02-16 09:32:19 +00:00
|
|
|
|
|
|
|
@node Help for users
|
|
|
|
@chapter Help for users
|
|
|
|
|
2009-08-29 00:27:12 +00:00
|
|
|
``Netrc'' files are a de facto standard. They look like this:
|
|
|
|
@example
|
|
|
|
machine mymachine login myloginname password mypassword port myport
|
|
|
|
@end example
|
2009-02-16 09:32:19 +00:00
|
|
|
|
2009-08-29 00:27:12 +00:00
|
|
|
The port is optional. If it's missing, auth-source will assume any
|
|
|
|
port is OK. Actually the port is a protocol name or a port number so
|
|
|
|
you can have separate entries for port 143 and for protocol ``imap''
|
|
|
|
if you fancy that. Anyway, you can just omit the port if you don't
|
|
|
|
need it. ``Netrc'' files are usually called @code{.authinfo} or
|
|
|
|
@code{.netrc}; nowadays @code{.authinfo} seems to be more popular and
|
|
|
|
the auth-source library encourages this confusion by making it the
|
|
|
|
default, as you'll see later.
|
|
|
|
|
|
|
|
If you have problems with the port, set @var{auth-source-debug} to t
|
|
|
|
and see what port the library is checking in the @code{*Messages*}
|
|
|
|
buffer. Ditto for any other problems, your first step is always to
|
|
|
|
see what's being checked. The second step, of course, is to write a
|
|
|
|
blog entry about it and wait for the answer in the comments.
|
|
|
|
|
|
|
|
You can customize the variable @var{auth-sources}. The following may
|
|
|
|
be needed if you are using an older version of Emacs or if the
|
|
|
|
auth-source library is not loaded for some other reason.
|
2009-02-16 09:32:19 +00:00
|
|
|
|
|
|
|
@lisp
|
2009-08-29 00:27:12 +00:00
|
|
|
(require 'auth-source) ;; probably not necessary
|
2009-02-16 09:32:19 +00:00
|
|
|
(customize-variable 'auth-sources) ;; optional, do it once
|
|
|
|
@end lisp
|
|
|
|
|
|
|
|
@defvar auth-sources
|
|
|
|
|
|
|
|
The @var{auth-sources} variable tells the auth-source library where
|
|
|
|
your netrc files live for a particular host and protocol. While you
|
|
|
|
can get fancy, the default and simplest configuration is:
|
|
|
|
|
|
|
|
@lisp
|
|
|
|
(setq auth-sources '((:source "~/.authinfo.gpg" :host t :protocol t)))
|
|
|
|
@end lisp
|
|
|
|
|
2009-08-29 00:27:12 +00:00
|
|
|
This says ``for any host and any protocol, use just that one file.''
|
|
|
|
Sweet simplicity. In fact, this is already the default, so unless you
|
|
|
|
want to move your netrc file, it will just work if you have that
|
|
|
|
file. You may not, though, so make sure it exists.
|
2009-02-16 09:32:19 +00:00
|
|
|
|
2009-08-29 00:27:12 +00:00
|
|
|
By adding multiple entries to @var{auth-sources} with a particular
|
|
|
|
host or protocol, you can have specific netrc files for that host or
|
|
|
|
protocol. Usually this is unnecessary but may make sense if you have
|
|
|
|
shared netrc files or some other unusual setup (90% of Emacs users
|
|
|
|
have unusual setups and the remaining 10% are @emph{really} unusual).
|
2009-02-16 09:32:19 +00:00
|
|
|
|
2009-08-29 00:27:12 +00:00
|
|
|
@end defvar
|
2009-02-16 09:32:19 +00:00
|
|
|
|
|
|
|
If you don't customize @var{auth-sources}, you'll have to live with
|
|
|
|
the defaults: any host and any port are looked up in the netrc
|
|
|
|
file @code{~/.authinfo.gpg}. This is an encrypted file if and only if
|
|
|
|
you set up EPA, which is strongly recommended.
|
|
|
|
|
|
|
|
@lisp
|
|
|
|
(require 'epa-file)
|
|
|
|
(epa-file-enable)
|
2009-08-29 00:27:12 +00:00
|
|
|
;;; VERY important if you want symmetric encryption
|
|
|
|
;;; irrelevant if you don't
|
|
|
|
(setq epa-file-cache-passphrase-for-symmetric-encryption t)
|
2009-02-16 09:32:19 +00:00
|
|
|
@end lisp
|
|
|
|
|
2009-08-29 00:27:12 +00:00
|
|
|
The simplest working netrc line example is one without a port.
|
|
|
|
|
|
|
|
@example
|
|
|
|
machine YOURMACHINE login YOU password YOURPASSWORD
|
|
|
|
@end example
|
|
|
|
|
|
|
|
This will match any authentication port. Simple, right? But what if
|
|
|
|
there's a SMTP server on port 433 of that machine that needs a
|
|
|
|
different password from the IMAP server?
|
|
|
|
|
|
|
|
@example
|
|
|
|
machine YOURMACHINE login YOU password SMTPPASSWORD port 433
|
|
|
|
machine YOURMACHINE login YOU password GENERALPASSWORD
|
|
|
|
@end example
|
|
|
|
|
2009-02-16 09:32:19 +00:00
|
|
|
For url-auth authentication (HTTP/HTTPS), you need to put this in your
|
|
|
|
netrc file:
|
|
|
|
|
|
|
|
@example
|
|
|
|
machine yourmachine.com:80 port http login testuser password testpass
|
|
|
|
@end example
|
|
|
|
|
2009-08-29 00:27:12 +00:00
|
|
|
This will match any realm and authentication method (basic or digest)
|
|
|
|
over HTTP. HTTPS is set up similarly. If you want finer controls,
|
|
|
|
explore the url-auth source code and variables.
|
2009-02-16 09:32:19 +00:00
|
|
|
|
|
|
|
For Tramp authentication, use:
|
|
|
|
|
|
|
|
@example
|
|
|
|
machine yourmachine.com port scp login testuser password testpass
|
|
|
|
@end example
|
|
|
|
|
|
|
|
Note that the port denotes the Tramp connection method. When you
|
|
|
|
don't use a port entry, you match any Tramp method, as explained
|
2009-08-29 00:27:12 +00:00
|
|
|
earlier. Since Tramp has about 88 connection methods, this may be
|
|
|
|
necessary if you have an unusual (see earlier comment on those) setup.
|
2009-02-16 09:32:19 +00:00
|
|
|
|
|
|
|
@node Help for developers
|
|
|
|
@chapter Help for developers
|
|
|
|
|
|
|
|
The auth-source library only has one function for external use.
|
|
|
|
|
|
|
|
@defun auth-source-user-or-password mode host port
|
|
|
|
|
|
|
|
Retrieve appropriate authentication tokens, determined by @var{mode},
|
2009-08-29 00:27:12 +00:00
|
|
|
for host @var{host} and @var{port}. If @var{auth-source-debug} is t,
|
|
|
|
debugging messages will be printed. Set @var{auth-source-debug} to a
|
|
|
|
function to use that function for logging. The parameters passed will
|
|
|
|
be the same that the @code{message} function takes, that is, a string
|
|
|
|
formatting spec and optional parameters.
|
2009-02-16 09:32:19 +00:00
|
|
|
|
|
|
|
If @var{mode} is a list of strings, the function will return a list of
|
2009-08-29 00:27:12 +00:00
|
|
|
strings or @code{nil} objects (thus you can avoid parsing the netrc
|
|
|
|
file more than once). If it's a string, the function will return a
|
|
|
|
string or a @code{nil} object. Currently only the modes ``login'' and
|
|
|
|
``password'' are recognized but more may be added in the future.
|
2009-02-16 09:32:19 +00:00
|
|
|
|
|
|
|
@var{host} is a string containing the host name.
|
|
|
|
|
|
|
|
@var{port} contains the protocol name (e.g. ``imap'') or
|
|
|
|
a port number. It must be a string, corresponding to the port in the
|
|
|
|
users' netrc files.
|
|
|
|
|
|
|
|
@example
|
|
|
|
;; IMAP example
|
|
|
|
(setq auth (auth-source-user-or-password
|
|
|
|
'("login" "password")
|
|
|
|
"anyhostnamehere"
|
|
|
|
"imap"))
|
|
|
|
(nth 0 auth) ; the login name
|
|
|
|
(nth 1 auth) ; the password
|
|
|
|
@end example
|
|
|
|
|
|
|
|
@end defun
|
|
|
|
|
|
|
|
@node Index
|
|
|
|
@chapter Index
|
|
|
|
@printindex cp
|
|
|
|
|
|
|
|
@node Function Index
|
|
|
|
@chapter Function Index
|
|
|
|
@printindex fn
|
|
|
|
|
|
|
|
@node Variable Index
|
|
|
|
@chapter Variable Index
|
|
|
|
@printindex vr
|
|
|
|
|
|
|
|
@bye
|
|
|
|
|
|
|
|
@c End:
|
|
|
|
|
|
|
|
@ignore
|
|
|
|
arch-tag: 7b835fd3-473f-40fc-9776-1c4e49d26c94
|
|
|
|
@end ignore
|