can someone point out on me how gnome-keyring works?

Colin Walters walters at verbum.org
Mon Feb 2 22:40:10 UTC 2009


2009/2/2 Christoph Höger <choeger at cs.tu-berlin.de>:
> Hi,
>
> I want to add gnome-keyring features to the gnome branch of offlineimap.
> Setting and retrieving Passwords works, but I could need some advice:
>
> 1. What parameters should I put into the keyring functions? I see server
> and protocol elements in the attrs dict. Does that mean gnomekeyring
> stores values on a per host/service basis? If yes, is it valid to put
> arbitrary strings ("offlineimap<ACCOUNT>") here?

Think of gnome-keyring more like a "schemaless persistent encrypted
Map<AttributeSet,Password>" rather than "account system".  So yes, you
can put whatever attributes you want in there, and that's a reasonable
thing to do.

> 2. From a security point of view: How does gnomekeyring decide to give
> an app access if the users select "always allow" on later calls?

The application access control system is inherently broken (from a UI
perspective and from a technical perspective) and should not be used.

http://bugzilla.gnome.org/show_bug.cgi?id=533493

It should be disabled in Fedora as far as I know unless the changes
were inadvertently reverted.

> 3. Would calling the app via cron cause any communication problems?

Yes; cron will not have access by default to the logged in session
infrastructure (in particular the X server and session bus).  This is
one of the things that would be nice to fix in a more desktop
integrated scheduled execution service.  But since cron is all we
have right now, if you need gnome-keyring from cron, you need to look
up the DBUS_SESSION_BUS_ADDRESS Unix environment variable.  If none
exists, then create your own session using dbus-launch, and
gnome-keyring should be invoked through service activation when you
try to talk to it.
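
An added example, not part of the original message: a POSIX shell wrapper for a cron job that follows the procedure in the reply to question 3 (look up DBUS_SESSION_BUS_ADDRESS, otherwise start a session with dbus-launch). Reading the address from `/proc/<pid>/environ` of the user's own processes is an assumption about how to do the lookup (Linux only), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (function names are hypothetical): give a cron job a
# D-Bus session bus so gnome-keyring is reachable.

# Print DBUS_SESSION_BUS_ADDRESS from a NUL-separated environment file
# (the /proc/<pid>/environ format); return non-zero if it is not set.
bus_address_from_environ() {
    [ -r "$1" ] || return 1
    tr '\0' '\n' < "$1" |
        sed -n 's/^DBUS_SESSION_BUS_ADDRESS=//p' | head -n 1 | grep .
}

# Look through processes owned by the invoking user for a session bus
# address. Assumption: Linux procfs; $1 overrides the root for testing.
find_session_bus() {
    proc_root=${1:-/proc}
    for env_file in "$proc_root"/[0-9]*/environ; do
        [ -O "$env_file" ] || continue    # never trust another user's process
        bus_address_from_environ "$env_file" && return 0
    done
    return 1
}

# Run "$@" with a session bus: reuse the login session's bus if one is
# found, otherwise start a private one with dbus-launch and stop it after.
run_with_session_bus() {
    status=0
    if addr=$(find_session_bus); then
        DBUS_SESSION_BUS_ADDRESS=$addr
        export DBUS_SESSION_BUS_ADDRESS
        "$@" || status=$?
    else
        eval "$(dbus-launch --sh-syntax)"  # sets and exports the address
        "$@" || status=$?
        kill "$DBUS_SESSION_BUS_PID" 2>/dev/null || true
    fi
    return "$status"
}

# Crontab use: */15 * * * * /path/to/this-script offlineimap
if [ "$#" -gt 0 ]; then
    run_with_session_bus "$@"
fi
```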



