Ed Greshko writes:
On 2020-07-23 10:49, Sam Varshavchik wrote:
This means the password is stored in the user's key ring on a per-
user basis.
I haven't tried changing this via nmcli. But, will investigate.
FWIW....
nmcli connection modify US-East-NJ vpn.secrets "password=something"
Works just fine for a logged-in user.
Well, I ssh-ed in as root, using an ssh cert. I guess that doesn't count.
This is in a server context. The server wants a VPN tunnel of its own, rather than any particular user.
It's not clear to me if it's NetworkManager itself that defaults to a user- set password. Maybe there's something in the openvpn configuration file that chooses whether to set up a user-centric or server-centric VPN, and this VPN provider is supplying user-centric configuration files.
And I was able to reproduce the broken SELinux context, starting from scratch. "nmcli import" creates /root/.cert, if it does not exist, with a broken SELinux context. Bug 1859974.