diff --git a/ChangeLog b/ChangeLog
index 879368c737..b6b4d5d852 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+2004-12-01  Colin Walters  <walters@verbum.org>
+
+	* info-daemon/NetworkManagerInfoDbus.c (nmi_dbus_return_vpn_password): New method.
+	(nmi_dbus_get_vpn_userpass): New method.
+	(nmi_dbus_nmi_message_handler): Invoke it.
+
+	* info-daemon/NetworkManagerInfoDbus.h (nmi_dbus_return_vpn_password): Prototype.
+
+	* info-daemon/NetworkManagerInfoVPN.h,
+	info-daemon/NetworkManagerInfoVPN.c: New files; responds
+	to requests for VPN passwords.
+
+	* configure.in (GNOME_KEYRING_LIBS): Check for gnome-keyring.
+
 2004-12-01  Colin Walters  <walters@redhat.com>
 
 	* test/nmtestdevices.c, test/nmclienttest.c: Add missing
diff --git a/configure.in b/configure.in
index 81ea97aba3..1e41084378 100644
--- a/configure.in
+++ b/configure.in
@@ -104,6 +104,9 @@ PKG_CHECK_MODULES(GCONF, gconf-2.0)
 AC_SUBST(GCONF_CFLAGS)
 AC_SUBST(GCONF_LIBS)
 
+PKG_CHECK_MODULES(GNOME_KEYRING, gnome-keyring-1)
+AC_SUBST(GNOME_KEYRING_CFLAGS)
+AC_SUBST(GNOME_KEYRING_LIBS)
 
 AC_ARG_WITH(gcrypt, [--with-gcrypt	Use gcrypt library], ac_gcrypt=$withval, ac_gcrypt=auto)
 if test x"$ac_gcrypt" != xno; then
diff --git a/info-daemon/Makefile.am b/info-daemon/Makefile.am
index de84c73a30..f905ebc819 100644
--- a/info-daemon/Makefile.am
+++ b/info-daemon/Makefile.am
@@ -8,6 +8,7 @@ AM_CPPFLAGS =								\
 	$(GLADE_CFLAGS)							\
 	$(GCONF_CFLAGS)							\
 	$(LIBGNOMEUI_CFLAGS)						\
+	$(GNOME_KEYRING_CFLAGS)						\
 	-Wall								\
 	-DDBUS_API_SUBJECT_TO_CHANGE					\
 	-DG_DISABLE_DEPRECATED						\
@@ -29,6 +30,8 @@ NetworkManagerInfo_SOURCES =	NetworkManagerInfo.h		\
 				NetworkManagerInfoDbus.c				\
 				NetworkManagerInfoPassphraseDialog.c	\
 				NetworkManagerInfoPassphraseDialog.h	\
+				NetworkManagerInfoVPN.c	\
+				NetworkManagerInfoVPN.h	\
 				NetworkManagerInfoNetworksDialog.c		\
 				NetworkManagerInfoNetworksDialog.h
 
@@ -37,6 +40,7 @@ NetworkManagerInfo_LDADD = $(NM_LIBS) 		\
 			   $(GCONF_LIBS) 	\
 			   $(GTK_LIBS) 		\
 			   $(GDK_PIXBUF_LIBS)   \
+			   $(GNOME_KEYRING_LIBS)   \
 			   $(LIBGNOMEUI_LIBS)	
 
 gladedir = $(datadir)/NetworkManagerInfo/glade
diff --git a/info-daemon/NetworkManagerInfo.h b/info-daemon/NetworkManagerInfo.h
index 9189978f8f..4b1845a101 100644
--- a/info-daemon/NetworkManagerInfo.h
+++ b/info-daemon/NetworkManagerInfo.h
@@ -35,6 +35,8 @@
 struct NMIAppInfo
 {
 	GladeXML		*passphrase_dialog;
+	GtkWidget		*vpn_password_dialog;
+	DBusMessage		*vpn_password_message;
 	char			*orig_label_text;
 	DBusConnection	*connection;
 	GConfClient	*gconf_client;
diff --git a/info-daemon/NetworkManagerInfoDbus.c b/info-daemon/NetworkManagerInfoDbus.c
index 4edbf43aff..5196be84e9 100644
--- a/info-daemon/NetworkManagerInfoDbus.c
+++ b/info-daemon/NetworkManagerInfoDbus.c
@@ -30,6 +30,7 @@
 #include "NetworkManagerInfo.h"
 #include "NetworkManagerInfoDbus.h"
 #include "NetworkManagerInfoPassphraseDialog.h"
+#include "NetworkManagerInfoVPN.h"
 
 
 /*
@@ -120,6 +121,37 @@ static void nmi_dbus_get_key_for_network (NMIAppInfo *info, DBusMessage *message
 	}
 }
 
+/*
+ * nmi_dbus_get_user_pass
+ *
+ * Request a username/password for VPN login
+ *
+ */
+static void nmi_dbus_get_vpn_userpass (NMIAppInfo *info, DBusMessage *message)
+{
+	DBusError			 error;
+	char				*vpn;
+	char				*username;
+	dbus_bool_t			 retry;
+
+
+	dbus_error_init (&error);
+	if (dbus_message_get_args (message, &error,
+				   DBUS_TYPE_STRING, &vpn,
+				   DBUS_TYPE_STRING, &username,
+				   DBUS_TYPE_BOOLEAN, &retry,
+				   DBUS_TYPE_INVALID))
+	{
+		if (username[0] == '\0') {
+			dbus_free (username);
+			username = NULL;
+		}
+		nmi_vpn_request_password (info, message, vpn, username, retry);
+		dbus_free (vpn);
+		dbus_free (username);
+	}
+}
+
 
 /*
  * nmi_dbus_dbus_return_user_key
@@ -157,6 +189,35 @@ void nmi_dbus_return_user_key (DBusConnection *connection, const char *device,
 	dbus_message_unref (message);
 }
 
+/*
+ * nmi_dbus_return_userpass
+ *
+ * Alert caller of the username/password
+ *
+ */
+void nmi_dbus_return_vpn_password (DBusConnection *connection, DBusMessage *message, const char *password)
+{
+	DBusMessage	*reply;
+
+	g_return_if_fail (connection != NULL);
+	g_return_if_fail (message != NULL);
+	g_return_if_fail (password != NULL);
+
+	if (password == NULL)
+	{
+		reply = dbus_message_new_error (message, NMI_DBUS_INTERFACE ".Cancelled", "Operation cancelled by user");
+	}
+	else
+	{
+		reply = dbus_message_new_method_return (message);
+		dbus_message_append_args (reply,
+					  DBUS_TYPE_STRING, password,
+					  DBUS_TYPE_INVALID);
+	}
+	dbus_connection_send (connection, reply, NULL);
+	dbus_message_unref (reply);
+	dbus_message_unref (message);
+}
 
 /*
  * nmi_dbus_signal_update_network
@@ -672,6 +733,10 @@ static DBusHandlerResult nmi_dbus_nmi_message_handler (DBusConnection *connectio
 		if (GTK_WIDGET_VISIBLE (dialog))
 			nmi_passphrase_dialog_cancel (info);
 	}
+	else if (strcmp ("getVPNUserPass", method) == 0)
+	{
+		nmi_dbus_get_vpn_userpass (info, message);
+	}
 	else if (strcmp ("networkNotFound", method) == 0)
 	{
 		char		*network;
diff --git a/info-daemon/NetworkManagerInfoDbus.h b/info-daemon/NetworkManagerInfoDbus.h
index 17d0591ac8..423ca44be9 100644
--- a/info-daemon/NetworkManagerInfoDbus.h
+++ b/info-daemon/NetworkManagerInfoDbus.h
@@ -39,6 +39,8 @@ gboolean		nmi_dbus_nm_get_network_encrypted		(DBusConnection *connection, const
 void 		nmi_dbus_return_user_key				(DBusConnection *connection, const char *device,
 											 const char *network, const char *passphrase, const int key_type);
 
+void 		nmi_dbus_return_vpn_password (DBusConnection *connection, DBusMessage *message, const char *password);
+
 void			nmi_dbus_signal_update_network 		(DBusConnection *connection, const char *network, NMNetworkType type);
 
 #endif
diff --git a/info-daemon/NetworkManagerInfoVPN.c b/info-daemon/NetworkManagerInfoVPN.c
new file mode 100644
index 0000000000..afef0c8639
--- /dev/null
+++ b/info-daemon/NetworkManagerInfoVPN.c
@@ -0,0 +1,187 @@
+/* NetworkManagerInfo -- Manage allowed access points and provide a UI
+ *                         for WEP key entry
+ *
+ * Colin Walters <walters@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * (C) Copyright 2004 Red Hat, Inc.
+ */
+
+#include <config.h>
+#include <libintl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <gtk/gtk.h>
+#include <glade/glade.h>
+#include <glib.h>
+#include <dbus/dbus.h>
+#include <dbus/dbus-glib.h>
+#include <gnome-keyring.h>
+#include <libgnomeui/gnome-password-dialog.h>
+
+#ifndef _
+#define _(x) dgettext (GETTEXT_PACKAGE, x)
+#define N_(x) x
+#endif
+
+#include "NetworkManagerInfoDbus.h"
+#include "NetworkManagerInfoVPN.h"
+
+int nmi_vpn_init (NMIAppInfo *info)
+{
+	info->vpn_password_dialog = NULL;
+	info->vpn_password_message = NULL;
+	return 0;
+}
+
+static gboolean lookup_pass (const char *vpn, const char *username, char **password)
+{
+	GList *result;
+
+	if (gnome_keyring_find_network_password_sync (username,
+						      NULL,
+						      vpn,
+						      NULL,
+						      "vpn",
+						      NULL,
+						      0,
+						      &result) != GNOME_KEYRING_RESULT_OK)
+		return FALSE;
+
+	if (result)
+	{
+		GnomeKeyringNetworkPasswordData *data = result->data;
+		*password = g_strdup (data->password);
+		gnome_keyring_network_password_list_free (result);
+		return TRUE;
+	}
+	return FALSE;
+}
+
+static void save_vpn_password (const char *vpn, const char *keyring, const char *username, const char *password)
+{
+	guint32 item_id;
+	GnomeKeyringResult keyring_result;
+
+	keyring_result = gnome_keyring_set_network_password_sync (NULL,
+								  username,
+								  NULL,
+								  vpn,
+								  NULL,
+								  "vpn",
+								  NULL,
+								  0,
+								  password,
+								  &item_id);
+
+	if (keyring_result != GNOME_KEYRING_RESULT_OK)
+	{
+		syslog (LOG_ERR, "Couldn't store password in keyring, code %d",
+			(int) keyring_result);
+	}
+}
+
+static void close_cb (GtkWidget *dialog, gpointer user_data)
+{
+	NMIAppInfo *info = user_data;
+	nmi_dbus_return_vpn_password (info->connection, info->vpn_password_message, NULL);
+	gtk_widget_destroy (dialog);
+	info->vpn_password_dialog = NULL;
+}
+
+static void response_cb (GtkWidget *dialog, int response, gpointer user_data)
+{
+	NMIAppInfo *info = user_data;
+	GnomePasswordDialog *passwd_dialog;
+	char *password;
+	const char *vpn, *username;
+
+	if (response != GTK_RESPONSE_OK)
+	{
+		close_cb (dialog, user_data);
+		return;
+	}
+
+	passwd_dialog = GNOME_PASSWORD_DIALOG (dialog);
+	username = g_object_get_data (G_OBJECT (passwd_dialog), "NetworkManagerInfoVPN-username");
+	vpn = g_object_get_data (G_OBJECT (passwd_dialog), "NetworkManagerInfoVPN-vpn");
+	password = gnome_password_dialog_get_password (passwd_dialog);
+	syslog (LOG_ERR, "returning VPN vpn_password for %s@%s: %s", username, vpn, password);
+	nmi_dbus_return_vpn_password (info->connection, info->vpn_password_message, password);
+	switch (gnome_password_dialog_get_remember (passwd_dialog))
+	{
+	case GNOME_PASSWORD_DIALOG_REMEMBER_SESSION:
+		save_vpn_password (vpn, "session", username, password);
+		break;
+	case GNOME_PASSWORD_DIALOG_REMEMBER_FOREVER:
+		save_vpn_password (vpn, NULL, username, password);
+		break;
+	default:
+		break;
+	}
+  
+	g_free (password);
+	gtk_widget_destroy (dialog);
+	info->vpn_password_dialog = NULL;
+}
+
+void nmi_vpn_request_password (NMIAppInfo *info, DBusMessage *message, const char *vpn, const char *username, gboolean retry)
+{
+	char *prompt;
+	char *password;
+
+	if (!username)
+		username = g_get_user_name ();
+
+	if (!retry && lookup_pass (vpn, username, &password))
+	{
+		nmi_dbus_return_vpn_password (info->connection, message, password);
+		g_free (password);
+		return;
+	}
+	
+	prompt = g_strdup_printf (_("You must log in to access the private network %s"), vpn);
+
+	info->vpn_password_dialog = gnome_password_dialog_new ("",
+							       prompt,
+							       username,
+							       NULL,
+							       FALSE);
+	g_free (prompt);
+	info->vpn_password_message = message;
+	dbus_message_ref (info->vpn_password_message);
+	gnome_password_dialog_set_show_username (GNOME_PASSWORD_DIALOG (info->vpn_password_dialog), TRUE);
+	gnome_password_dialog_set_readonly_username (GNOME_PASSWORD_DIALOG (info->vpn_password_dialog), TRUE);
+	gnome_password_dialog_set_show_userpass_buttons (GNOME_PASSWORD_DIALOG (info->vpn_password_dialog), FALSE);
+	gnome_password_dialog_set_show_domain (GNOME_PASSWORD_DIALOG (info->vpn_password_dialog), FALSE);
+	gnome_password_dialog_set_show_remember (GNOME_PASSWORD_DIALOG (info->vpn_password_dialog), TRUE);
+	g_object_set_data_full (G_OBJECT (info->vpn_password_dialog), "NetworkManagerInfoVPN-username", g_strdup (username), (GDestroyNotify) g_free);
+	g_object_set_data_full (G_OBJECT (info->vpn_password_dialog), "NetworkManagerInfoVPN-vpn", g_strdup (vpn), (GDestroyNotify) g_free);
+	g_signal_connect (info->vpn_password_dialog, "response", G_CALLBACK (response_cb), info);
+	g_signal_connect (info->vpn_password_dialog, "close", G_CALLBACK (close_cb), info);
+	gtk_widget_show (info->vpn_password_dialog);
+}
+
+void nmi_vpn_cancel_request_password (NMIAppInfo *info)
+{
+	if (info->vpn_password_dialog)
+	{
+		gtk_widget_destroy (info->vpn_password_dialog);
+		dbus_message_unref (info->vpn_password_message);
+		info->vpn_password_message = NULL;
+	}
+}
diff --git a/info-daemon/NetworkManagerInfoVPN.h b/info-daemon/NetworkManagerInfoVPN.h
new file mode 100644
index 0000000000..6f0bf968c0
--- /dev/null
+++ b/info-daemon/NetworkManagerInfoVPN.h
@@ -0,0 +1,34 @@
+/* NetworkManagerInfo -- Manage allowed access points and provide a UI
+ *                         for WEP key entry
+ *
+ * Colin Walters <walters@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * (C) Copyright 2004 Red Hat, Inc.
+ */
+
+#ifndef NETWORK_MANAGER_INFO_VPN_H
+#define NETWORK_MANAGER_INFO_VPN_H
+
+#include "NetworkManagerInfo.h"
+
+int		nmi_vpn_init	(NMIAppInfo *info);
+
+void		nmi_vpn_request_password (NMIAppInfo *info, DBusMessage *message, const char *vpn, const char *username, gboolean retry);
+
+void		nmi_vpn_cancel_request_password	(NMIAppInfo *info);
+
+#endif