all: move setting 802-1x.auth-retries to connection.auth-retries

The number of authentication retires is useful also for passwords aside
802-1x settings. For example, src/devices/wifi/nm-device-wifi.c also has
a retry counter and uses a hard-coded value of 3.

Move the setting, so that it can be used in general. Although it is still
not implemented for other settings.

This is an API and ABI break.

15 files changed, 106 insertions, 105 deletions

diff --git a/clients/common/nm-meta-setting-desc.c b/clients/common/nm-meta-setting-desc.c
index 573bee7cb8..1ed6b433d8 100644
--- a/clients/common/nm-meta-setting-desc.c
+++ b/clients/common/nm-meta-setting-desc.c
@@ -4691,9 +4691,6 @@ static const NMMetaPropertyInfo *const property_infos_802_1X[] = {
 	PROPERTY_INFO_WITH_DESC (NM_SETTING_802_1X_AUTH_TIMEOUT,
 		.property_type =                &_pt_gobject_int,
 	),
-	PROPERTY_INFO_WITH_DESC (NM_SETTING_802_1X_AUTH_RETRIES,
-		.property_type =                &_pt_gobject_int,
-	),
 	NULL
 };
 
@@ -4972,6 +4969,9 @@ static const NMMetaPropertyInfo *const property_infos_CONNECTION[] = {
 			),
 		),
 	),
+	PROPERTY_INFO_WITH_DESC (NM_SETTING_CONNECTION_AUTH_RETRIES,
+		.property_type =                &_pt_gobject_int,
+	),
 	PROPERTY_INFO_WITH_DESC (NM_SETTING_CONNECTION_TIMESTAMP,
 		.property_type =                &_pt_gobject_readonly,
 	),
diff --git a/clients/common/settings-docs.c.in b/clients/common/settings-docs.c.in
index c56f0a8af7..b523a39428 100644
--- a/clients/common/settings-docs.c.in
+++ b/clients/common/settings-docs.c.in
@@ -43,7 +43,6 @@
 #define DESCRIBE_DOC_NM_SETTING_WIRELESS_SECURITY_WPS_METHOD N_("Flags indicating which mode of WPS is to be used if any. There's little point in changing the default setting as NetworkManager will automatically determine whether it's feasible to start WPS enrollment from the Access Point capabilities. WPS can be disabled by setting this property to a value of 1.")
 #define DESCRIBE_DOC_NM_SETTING_802_1X_ALTSUBJECT_MATCHES N_("List of strings to be matched against the altSubjectName of the certificate presented by the authentication server. If the list is empty, no verification of the server certificate's altSubjectName is performed.")
 #define DESCRIBE_DOC_NM_SETTING_802_1X_ANONYMOUS_IDENTITY N_("Anonymous identity string for EAP authentication methods.  Used as the unencrypted identity with EAP types that support different tunneled identity like EAP-TTLS.")
-#define DESCRIBE_DOC_NM_SETTING_802_1X_AUTH_RETRIES N_("The number of retries for the authentication. Zero means to try indefinitely; -1 means to use a global default. If the global default is not set, the authentication retries for 3 times before failing the connection.")
 #define DESCRIBE_DOC_NM_SETTING_802_1X_AUTH_TIMEOUT N_("A timeout for the authentication. Zero means the global default; if the global default is not set, the authentication timeout is 25 seconds.")
 #define DESCRIBE_DOC_NM_SETTING_802_1X_CA_CERT N_("Contains the CA certificate if used by the EAP method specified in the \"eap\" property. Certificate data is specified using a \"scheme\"; two are currently supported: blob and path. When using the blob scheme (which is backwards compatible with NM 0.7.x) this property should be set to the certificate's DER encoded data. When using the path scheme, this property should be set to the full UTF-8 encoded path of the certificate, prefixed with the string \"file://\" and ending with a terminating NUL byte. This property can be unset even if the EAP method supports CA certificates, but this allows man-in-the-middle attacks and is NOT recommended.")
 #define DESCRIBE_DOC_NM_SETTING_802_1X_CA_CERT_PASSWORD N_("The password used to access the CA certificate stored in \"ca-cert\" property. Only makes sense if the certificate is stored on a PKCS#11 token that requires a login.")
@@ -135,6 +134,7 @@
 #define DESCRIBE_DOC_NM_SETTING_CDMA_PASSWORD N_("The password used to authenticate with the network, if required.  Many providers do not require a password, or accept any password.  But if a password is required, it is specified here.")
 #define DESCRIBE_DOC_NM_SETTING_CDMA_PASSWORD_FLAGS N_("Flags indicating how to handle the \"password\" property.")
 #define DESCRIBE_DOC_NM_SETTING_CDMA_USERNAME N_("The username used to authenticate with the network, if required.  Many providers do not require a username, or accept any username.  But if a username is required, it is specified here.")
+#define DESCRIBE_DOC_NM_SETTING_CONNECTION_AUTH_RETRIES N_("The number of retries for the authentication. Zero means to try indefinitely; -1 means to use a global default. If the global default is not set, the authentication retries for 3 times before failing the connection. Currently this only applies to 802-1x authentication.")
 #define DESCRIBE_DOC_NM_SETTING_CONNECTION_AUTOCONNECT N_("Whether or not the connection should be automatically connected by NetworkManager when the resources for the connection are available. TRUE to automatically activate the connection, FALSE to require manual intervention to activate the connection.")
 #define DESCRIBE_DOC_NM_SETTING_CONNECTION_AUTOCONNECT_PRIORITY N_("The autoconnect priority. If the connection is set to autoconnect, connections with higher priority will be preferred. Defaults to 0. The higher number means higher priority.")
 #define DESCRIBE_DOC_NM_SETTING_CONNECTION_AUTOCONNECT_RETRIES N_("The number of times a connection should be tried when autoactivating before giving up. Zero means forever, -1 means the global default (4 times if not overridden). Setting this to 1 means to try activation only once before blocking autoconnect. Note that after a timeout, NetworkManager will try to autoconnect again.")
diff --git a/libnm-core/nm-setting-8021x.c b/libnm-core/nm-setting-8021x.c
index b9f37df8d7..af195211dc 100644
--- a/libnm-core/nm-setting-8021x.c
+++ b/libnm-core/nm-setting-8021x.c
@@ -116,7 +116,6 @@ typedef struct {
 	NMSettingSecretFlags phase2_private_key_password_flags;
 	gboolean system_ca_certs;
 	gint auth_timeout;
-	gint auth_retries;
 } NMSetting8021xPrivate;
 
 enum {
@@ -165,7 +164,6 @@ enum {
 	PROP_PIN_FLAGS,
 	PROP_SYSTEM_CA_CERTS,
 	PROP_AUTH_TIMEOUT,
-	PROP_AUTH_RETRIES,
 
 	LAST_PROP
 };
@@ -2747,25 +2745,6 @@ nm_setting_802_1x_get_auth_timeout (NMSetting8021x *setting)
 	return NM_SETTING_802_1X_GET_PRIVATE (setting)->auth_timeout;
 }
 
-/**
- * nm_setting_802_1x_get_auth_retries:
- * @setting: the #NMSetting8021x
- *
- * Returns the value contained in the #NMSetting8021x:auth-retries property.
- *
- * Returns: the configured authentication retries in seconds. Zero means
- * infinity and -1 means a global default value.
- *
- * Since: 1.10
- **/
-gint
-nm_setting_802_1x_get_auth_retries (NMSetting8021x *setting)
-{
-	g_return_val_if_fail (NM_IS_SETTING_802_1X (setting), -1);
-
-	return NM_SETTING_802_1X_GET_PRIVATE (setting)->auth_retries;
-}
-
 static void
 need_secrets_password (NMSetting8021x *self,
                        GPtrArray *secrets,
@@ -3644,9 +3623,6 @@ set_property (GObject *object, guint prop_id,
 	case PROP_AUTH_TIMEOUT:
 		priv->auth_timeout = g_value_get_int (value);
 		break;
-	case PROP_AUTH_RETRIES:
-		priv->auth_retries = g_value_get_int (value);
-		break;
 	default:
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 		break;
@@ -3793,9 +3769,6 @@ get_property (GObject *object, guint prop_id,
 	case PROP_AUTH_TIMEOUT:
 		g_value_set_int (value, priv->auth_timeout);
 		break;
-	case PROP_AUTH_RETRIES:
-		g_value_set_int (value, priv->auth_retries);
-		break;
 	default:
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 		break;
@@ -4851,30 +4824,4 @@ nm_setting_802_1x_class_init (NMSetting8021xClass *setting_class)
 		                   G_PARAM_READWRITE |
 		                   NM_SETTING_PARAM_FUZZY_IGNORE |
 		                   G_PARAM_STATIC_STRINGS));
-
-	/**
-	 * NMSetting8021x:auth-retries:
-	 *
-	 * The number of retries for the authentication. Zero means to try indefinitely; -1 means
-	 * to use a global default. If the global default is not set, the authentication
-	 * retries for 3 times before failing the connection.
-	 *
-	 * Since: 1.10
-	 **/
-	/* ---ifcfg-rh---
-	 * property: auth-retries
-	 * variable: IEEE_8021X_AUTH_RETRIES(+)
-	 * default: 0
-	 * description: Number of retries for the 802.1X authentication.
-	 * ---end---
-	 */
-	g_object_class_install_property
-		(object_class, PROP_AUTH_RETRIES,
-		 g_param_spec_int (NM_SETTING_802_1X_AUTH_RETRIES, "", "",
-		                   -1, G_MAXINT32, -1,
-		                   G_PARAM_READWRITE |
-		                   G_PARAM_CONSTRUCT |
-		                   NM_SETTING_PARAM_FUZZY_IGNORE |
-		                   G_PARAM_STATIC_STRINGS));
-
 }
diff --git a/libnm-core/nm-setting-8021x.h b/libnm-core/nm-setting-8021x.h
index 53f5bb5239..e1631e2d51 100644
--- a/libnm-core/nm-setting-8021x.h
+++ b/libnm-core/nm-setting-8021x.h
@@ -151,7 +151,6 @@ typedef enum { /*< underscore_name=nm_setting_802_1x_auth_flags >*/
 #define NM_SETTING_802_1X_PIN_FLAGS "pin-flags"
 #define NM_SETTING_802_1X_SYSTEM_CA_CERTS "system-ca-certs"
 #define NM_SETTING_802_1X_AUTH_TIMEOUT "auth-timeout"
-#define NM_SETTING_802_1X_AUTH_RETRIES "auth-retries"
 
 /* PRIVATE KEY NOTE: when setting PKCS#12 private keys directly via properties
  * using the "blob" scheme, the data must be passed in PKCS#12 binary format.
@@ -362,8 +361,6 @@ NM_AVAILABLE_IN_1_8
 NMSetting8021xAuthFlags nm_setting_802_1x_get_phase1_auth_flags          (NMSetting8021x *setting);
 NM_AVAILABLE_IN_1_8
 gint                   nm_setting_802_1x_get_auth_timeout                (NMSetting8021x *setting);
-NM_AVAILABLE_IN_1_10
-gint                   nm_setting_802_1x_get_auth_retries                (NMSetting8021x *setting);
 
 G_END_DECLS
 
diff --git a/libnm-core/nm-setting-connection.c b/libnm-core/nm-setting-connection.c
index 22b1f3891d..24c65e7c5e 100644
--- a/libnm-core/nm-setting-connection.c
+++ b/libnm-core/nm-setting-connection.c
@@ -80,6 +80,7 @@ typedef struct {
 	guint gateway_ping_timeout;
 	NMMetered metered;
 	NMSettingConnectionLldp lldp;
+	gint auth_retries;
 } NMSettingConnectionPrivate;
 
 enum {
@@ -103,6 +104,7 @@ enum {
 	PROP_METERED,
 	PROP_LLDP,
 	PROP_STABLE_ID,
+	PROP_AUTH_RETRIES,
 
 	LAST_PROP
 };
@@ -553,6 +555,25 @@ nm_setting_connection_get_autoconnect_retries (NMSettingConnection *setting)
 }
 
 /**
+ * nm_setting_connection_get_auth_retries:
+ * @setting: the #NMSettingConnection
+ *
+ * Returns the value contained in the #NMSettingConnection:auth-retries property.
+ *
+ * Returns: the configured authentication retries. Zero means
+ * infinity and -1 means a global default value.
+ *
+ * Since: 1.10
+ **/
+gint
+nm_setting_connection_get_auth_retries (NMSettingConnection *setting)
+{
+	g_return_val_if_fail (NM_IS_SETTING_CONNECTION (setting), -1);
+
+	return NM_SETTING_CONNECTION_GET_PRIVATE (setting)->auth_retries;
+}
+
+/**
  * nm_setting_connection_get_timestamp:
  * @setting: the #NMSettingConnection
  *
@@ -1308,6 +1329,9 @@ set_property (GObject *object, guint prop_id,
 	case PROP_LLDP:
 		priv->lldp = g_value_get_int (value);
 		break;
+	case PROP_AUTH_RETRIES:
+		priv->auth_retries = g_value_get_int (value);
+		break;
 	default:
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 		break;
@@ -1393,6 +1417,9 @@ get_property (GObject *object, guint prop_id,
 	case PROP_LLDP:
 		g_value_set_int (value, priv->lldp);
 		break;
+	case PROP_AUTH_RETRIES:
+		g_value_set_int (value, priv->auth_retries);
+		break;
 	default:
 		G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
 		break;
@@ -1928,4 +1955,31 @@ nm_setting_connection_class_init (NMSettingConnectionClass *setting_class)
 		                   G_PARAM_READWRITE |
 		                   G_PARAM_CONSTRUCT |
 		                   G_PARAM_STATIC_STRINGS));
+
+	/**
+	 * NMSettingConnection:auth-retries:
+	 *
+	 * The number of retries for the authentication. Zero means to try indefinitely; -1 means
+	 * to use a global default. If the global default is not set, the authentication
+	 * retries for 3 times before failing the connection.
+	 *
+	 * Currently this only applies to 802-1x authentication.
+	 *
+	 * Since: 1.10
+	 **/
+	/* ---ifcfg-rh---
+	 * property: auth-retries
+	 * variable: AUTH_RETRIES(+)
+	 * default: 0
+	 * description: Number of retries for authentication.
+	 * ---end---
+	 */
+	g_object_class_install_property
+		(object_class, PROP_AUTH_RETRIES,
+		 g_param_spec_int (NM_SETTING_CONNECTION_AUTH_RETRIES, "", "",
+		                   -1, G_MAXINT32, -1,
+		                   G_PARAM_READWRITE |
+		                   G_PARAM_CONSTRUCT |
+		                   NM_SETTING_PARAM_FUZZY_IGNORE |
+		                   G_PARAM_STATIC_STRINGS));
 }
diff --git a/libnm-core/nm-setting-connection.h b/libnm-core/nm-setting-connection.h
index bd5b98ff4a..02a7f5b10a 100644
--- a/libnm-core/nm-setting-connection.h
+++ b/libnm-core/nm-setting-connection.h
@@ -63,6 +63,7 @@ G_BEGIN_DECLS
 #define NM_SETTING_CONNECTION_GATEWAY_PING_TIMEOUT "gateway-ping-timeout"
 #define NM_SETTING_CONNECTION_METERED        "metered"
 #define NM_SETTING_CONNECTION_LLDP           "lldp"
+#define NM_SETTING_CONNECTION_AUTH_RETRIES   "auth-retries"
 
 /* Types for property values */
 /**
@@ -166,6 +167,9 @@ NMMetered   nm_setting_connection_get_metered (NMSettingConnection *setting);
 NM_AVAILABLE_IN_1_2
 NMSettingConnectionLldp nm_setting_connection_get_lldp (NMSettingConnection *setting);
 
+NM_AVAILABLE_IN_1_10
+gint        nm_setting_connection_get_auth_retries     (NMSettingConnection *setting);
+
 G_END_DECLS
 
 #endif /* __NM_SETTING_CONNECTION_H__ */
diff --git a/libnm-core/tests/test-general.c b/libnm-core/tests/test-general.c
index 0dc7616d6c..188cb28e63 100644
--- a/libnm-core/tests/test-general.c
+++ b/libnm-core/tests/test-general.c
@@ -2571,6 +2571,7 @@ test_connection_diff_a_only (void)
 			{ NM_SETTING_CONNECTION_GATEWAY_PING_TIMEOUT, NM_SETTING_DIFF_RESULT_IN_A },
 			{ NM_SETTING_CONNECTION_METERED,              NM_SETTING_DIFF_RESULT_IN_A },
 			{ NM_SETTING_CONNECTION_LLDP,                 NM_SETTING_DIFF_RESULT_IN_A },
+			{ NM_SETTING_CONNECTION_AUTH_RETRIES,         NM_SETTING_DIFF_RESULT_IN_A },
 			{ NULL, NM_SETTING_DIFF_RESULT_UNKNOWN }
 		} },
 		{ NM_SETTING_WIRED_SETTING_NAME, {
diff --git a/libnm/libnm.ver b/libnm/libnm.ver
index 1b245b277b..18ff993de4 100644
--- a/libnm/libnm.ver
+++ b/libnm/libnm.ver
@@ -1193,6 +1193,7 @@ global:
 	nm_device_ppp_get_type;
 	nm_ip_route_equal_full;
 	nm_setting_bridge_get_group_forward_mask;
+	nm_setting_connection_get_auth_retries;
 	nm_setting_ip_config_get_route_table;
 	nm_setting_ovs_bridge_get_fail_mode;
 	nm_setting_ovs_bridge_get_mcast_snooping_enable;
diff --git a/man/NetworkManager.conf.xml b/man/NetworkManager.conf.xml
index 357474eaf8..e2a914264f 100644
--- a/man/NetworkManager.conf.xml
+++ b/man/NetworkManager.conf.xml
@@ -642,6 +642,11 @@ ipv6.ip6-privacy=0
       explicitly allows for that.
       <variablelist>
         <varlistentry>
+          <term><varname>connection.auth-retries</varname></term>
+          <listitem><para>If left unspecified, the default value is 3 tries before failing the connection.
+          </para></listitem>
+        </varlistentry>
+        <varlistentry>
           <term><varname>connection.autoconnect-slaves</varname></term>
         </varlistentry>
         <varlistentry>
@@ -742,11 +747,6 @@ ipv6.ip6-privacy=0
           <listitem><para>If left unspecified, the default value
           "<literal>optional</literal>" will be used.</para></listitem>
         </varlistentry>
-        <varlistentry>
-          <term><varname>802-1x.auth-retries</varname></term>
-          <listitem><para>If left unspecified, the default value is 3 tries before failing the connection.
-          </para></listitem>
-        </varlistentry>
       </variablelist>
     </para>
     </refsect2>
diff --git a/src/devices/nm-device-ethernet.c b/src/devices/nm-device-ethernet.c
index 672ae3cd52..dd9d4c7715 100644
--- a/src/devices/nm-device-ethernet.c
+++ b/src/devices/nm-device-ethernet.c
@@ -272,7 +272,7 @@ device_state_changed (NMDevice *device,
 	               NM_DEVICE_STATE_FAILED,
 	               NM_DEVICE_STATE_DISCONNECTED)) {
 		priv = NM_DEVICE_ETHERNET_GET_PRIVATE (NM_DEVICE_ETHERNET (device));
-		priv->auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_UNSET;
+		priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET;
 	}
 }
 
@@ -284,7 +284,7 @@ nm_device_ethernet_init (NMDeviceEthernet *self)
 	priv = G_TYPE_INSTANCE_GET_PRIVATE (self, NM_TYPE_DEVICE_ETHERNET, NMDeviceEthernetPrivate);
 	self->_priv = priv;
 
-	priv->auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_UNSET;
+	priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET;
 	priv->s390_options = g_hash_table_new_full (nm_str_hash, g_str_equal, g_free, g_free);
 }
 
@@ -677,8 +677,8 @@ handle_auth_or_fail (NMDeviceEthernet *self,
 
 	priv = NM_DEVICE_ETHERNET_GET_PRIVATE (self);
 
-	if (!nm_device_802_1x_auth_retries_try_next (NM_DEVICE (self),
-	                                             &priv->auth_retries))
+	if (!nm_device_auth_retries_try_next (NM_DEVICE (self),
+	                                      &priv->auth_retries))
 		return NM_ACT_STAGE_RETURN_FAILURE;
 
 	nm_device_state_changed (NM_DEVICE (self), NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_NONE);
@@ -1344,7 +1344,7 @@ deactivate (NMDevice *device)
 	GError *error = NULL;
 
 	/* Clear wired secrets tries when deactivating */
-	priv->auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_UNSET;
+	priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET;
 
 	nm_clear_g_source (&priv->pppoe_wait_id);
 
diff --git a/src/devices/nm-device-macsec.c b/src/devices/nm-device-macsec.c
index d8e2cc9dbb..3d95d73478 100644
--- a/src/devices/nm-device-macsec.c
+++ b/src/devices/nm-device-macsec.c
@@ -484,8 +484,8 @@ handle_auth_or_fail (NMDeviceMacsec *self,
 
 	priv = NM_DEVICE_MACSEC_GET_PRIVATE (self);
 
-	if (!nm_device_802_1x_auth_retries_try_next (NM_DEVICE (self),
-	                                             &priv->auth_retries))
+	if (!nm_device_auth_retries_try_next (NM_DEVICE (self),
+	                                      &priv->auth_retries))
 		return NM_ACT_STAGE_RETURN_FAILURE;
 
 	nm_device_state_changed (NM_DEVICE (self), NM_DEVICE_STATE_NEED_AUTH, NM_DEVICE_STATE_REASON_NONE);
@@ -750,7 +750,7 @@ device_state_changed (NMDevice *device,
 	                          NM_DEVICE_STATE_FAILED,
 	                          NM_DEVICE_STATE_DISCONNECTED)) {
 		priv = NM_DEVICE_MACSEC_GET_PRIVATE (NM_DEVICE_MACSEC (device));
-		priv->auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_UNSET;
+		priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET;
 	}
 }
 
@@ -812,7 +812,7 @@ nm_device_macsec_init (NMDeviceMacsec *self)
 {
 	NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE (self);
 
-	priv->auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_UNSET;
+	priv->auth_retries = NM_DEVICE_AUTH_RETRIES_UNSET;
 }
 
 static void
diff --git a/src/devices/nm-device.c b/src/devices/nm-device.c
index 36cfc9c9af..4be9a3687f 100644
--- a/src/devices/nm-device.c
+++ b/src/devices/nm-device.c
@@ -14024,42 +14024,38 @@ nm_device_get_supplicant_timeout (NMDevice *self)
 }
 
 gboolean
-nm_device_802_1x_auth_retries_try_next (NMDevice *self, int *p_auth_retries)
+nm_device_auth_retries_try_next (NMDevice *self, int *p_auth_retries)
 {
-	NMConnection *applied_connection;
-	NMSetting8021x *security;
+	NMSettingConnection *s_con;
 	int auth_retries = *p_auth_retries;
 
-	if (G_UNLIKELY (auth_retries == NM_DEVICE_802_1X_AUTH_RETRIES_UNSET)) {
+	if (G_UNLIKELY (auth_retries == NM_DEVICE_AUTH_RETRIES_UNSET)) {
 		auth_retries = -1;
 
-		applied_connection = nm_device_get_applied_connection (NM_DEVICE (self));
-		if (applied_connection) {
-			security = nm_connection_get_setting_802_1x (applied_connection);
-			if (security)
-				auth_retries = nm_setting_802_1x_get_auth_retries (security);
-		}
+		s_con = NM_SETTING_CONNECTION (nm_device_get_applied_setting (self, NM_TYPE_SETTING_CONNECTION));
+		if (s_con)
+			auth_retries = nm_setting_connection_get_auth_retries (s_con);
 
 		if (auth_retries == -1) {
 			gs_free char *value = NULL;
 
 			value = nm_config_data_get_connection_default (NM_CONFIG_GET_DATA,
-			                                               "802-1x.auth-retries",
+			                                               "connection.auth-retries",
 			                                               self);
 			auth_retries = _nm_utils_ascii_str_to_int64 (value, 10, -1, G_MAXINT32, -1);
 		}
 
 		if (auth_retries == 0)
-			auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_INFINITY;
+			auth_retries = NM_DEVICE_AUTH_RETRIES_INFINITY;
 		else if (auth_retries == -1)
-			auth_retries = NM_DEVICE_802_1X_AUTH_RETRIES_DEFAULT;
+			auth_retries = NM_DEVICE_AUTH_RETRIES_DEFAULT;
 		else
 			nm_assert (auth_retries > 0);
 
 		*p_auth_retries = auth_retries;
 	}
 
-	if (auth_retries == NM_DEVICE_802_1X_AUTH_RETRIES_INFINITY)
+	if (auth_retries == NM_DEVICE_AUTH_RETRIES_INFINITY)
 		return TRUE;
 	if (auth_retries <= 0) {
 		nm_assert (auth_retries == 0);
diff --git a/src/devices/nm-device.h b/src/devices/nm-device.h
index 6e4aa0d9e2..90f9c1fc03 100644
--- a/src/devices/nm-device.h
+++ b/src/devices/nm-device.h
@@ -736,11 +736,11 @@ void nm_device_update_permanent_hw_address (NMDevice *self, gboolean force_freez
 void nm_device_update_dynamic_ip_setup (NMDevice *self);
 guint nm_device_get_supplicant_timeout (NMDevice *self);
 
-#define NM_DEVICE_802_1X_AUTH_RETRIES_UNSET    -1
-#define NM_DEVICE_802_1X_AUTH_RETRIES_INFINITY -2
-#define NM_DEVICE_802_1X_AUTH_RETRIES_DEFAULT  3
+#define NM_DEVICE_AUTH_RETRIES_UNSET    -1
+#define NM_DEVICE_AUTH_RETRIES_INFINITY -2
+#define NM_DEVICE_AUTH_RETRIES_DEFAULT  3
 
-gboolean nm_device_802_1x_auth_retries_try_next (NMDevice *self, int *p_auth_retry);
+gboolean nm_device_auth_retries_try_next (NMDevice *self, int *p_auth_retry);
 
 gboolean nm_device_hw_addr_get_cloned (NMDevice *self,
                                        NMConnection *connection,
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
index 7b487f0f93..4754bea5d3 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-reader.c
@@ -193,6 +193,7 @@ make_connection_setting (const char *file,
 	const char *v;
 	gs_free char *stable_id = NULL;
 	const char *const *iter;
+	int vint64;
 
 	ifcfg_name = utils_get_ifcfg_name (file, TRUE);
 	if (!ifcfg_name)
@@ -329,6 +330,9 @@ make_connection_setting (const char *file,
 		break;
 	}
 
+	vint64 = svGetValueInt64 (ifcfg, "AUTH_RETRIES", 10, -1, G_MAXINT32, -1);
+	g_object_set (s_con, NM_SETTING_CONNECTION_AUTH_RETRIES, (gint) vint64, NULL);
+
 	return NM_SETTING (s_con);
 }
 
@@ -3358,9 +3362,6 @@ next:
 	timeout = svGetValueInt64 (ifcfg, "IEEE_8021X_AUTH_TIMEOUT", 10, 0, G_MAXINT32, 0);
 	g_object_set (s_8021x, NM_SETTING_802_1X_AUTH_TIMEOUT, (gint) timeout, NULL);
 
-	timeout = svGetValueInt64 (ifcfg, "IEEE_8021X_AUTH_RETRIES", 10, -1, G_MAXINT32, -1);
-	g_object_set (s_8021x, NM_SETTING_802_1X_AUTH_RETRIES, (gint) timeout, NULL);
-
 	return g_steal_pointer (&s_8021x);
 }
 
diff --git a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
index fafaa848bd..a2c0bc7f62 100644
--- a/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
+++ b/src/settings/plugins/ifcfg-rh/nms-ifcfg-rh-writer.c
@@ -560,9 +560,6 @@ write_8021x_setting (NMConnection *connection,
 	vint = nm_setting_802_1x_get_auth_timeout (s_8021x);
 	svSetValueInt64_cond (ifcfg, "IEEE_8021X_AUTH_TIMEOUT", vint > 0, vint);
 
-	vint = nm_setting_802_1x_get_auth_retries (s_8021x);
-	svSetValueInt64_cond (ifcfg, "IEEE_8021X_AUTH_RETRIES", vint > 0, vint);
-
 	if (!write_8021x_certs (s_8021x, secrets, blobs, FALSE, ifcfg, error))
 		return FALSE;
 
@@ -1723,7 +1720,7 @@ write_connection_setting (NMSettingConnection *s_con, shvarFile *ifcfg)
 	guint32 n, i;
 	GString *str;
 	const char *master, *master_iface = NULL, *type;
-	gint i_int;
+	gint vint;
 	const char *tmp;
 
 	svSetValueStr (ifcfg, "NAME", nm_setting_connection_get_id (s_con));
@@ -1732,15 +1729,15 @@ write_connection_setting (NMSettingConnection *s_con, shvarFile *ifcfg)
 	svSetValueStr (ifcfg, "DEVICE", nm_setting_connection_get_interface_name (s_con));
 	svSetValueBoolean (ifcfg, "ONBOOT", nm_setting_connection_get_autoconnect (s_con));
 
-	i_int = nm_setting_connection_get_autoconnect_priority (s_con);
-	if (i_int != NM_SETTING_CONNECTION_AUTOCONNECT_PRIORITY_DEFAULT)
-		svSetValueInt64 (ifcfg, "AUTOCONNECT_PRIORITY", i_int);
+	vint = nm_setting_connection_get_autoconnect_priority (s_con);
+	if (vint != NM_SETTING_CONNECTION_AUTOCONNECT_PRIORITY_DEFAULT)
+		svSetValueInt64 (ifcfg, "AUTOCONNECT_PRIORITY", vint);
 	else
 		svUnsetValue (ifcfg, "AUTOCONNECT_PRIORITY");
 
-	i_int = nm_setting_connection_get_autoconnect_retries (s_con);
-	if (i_int != -1)
-		svSetValueInt64 (ifcfg, "AUTOCONNECT_RETRIES", i_int);
+	vint = nm_setting_connection_get_autoconnect_retries (s_con);
+	if (vint != -1)
+		svSetValueInt64 (ifcfg, "AUTOCONNECT_RETRIES", vint);
 	else
 		svUnsetValue (ifcfg, "AUTOCONNECT_RETRIES");
 
@@ -1874,6 +1871,9 @@ write_connection_setting (NMSettingConnection *s_con, shvarFile *ifcfg)
 	default:
 		svUnsetValue (ifcfg, "CONNECTION_METERED");
 	}
+
+	vint = nm_setting_connection_get_auth_retries (s_con);
+	svSetValueInt64_cond (ifcfg, "AUTH_RETRIES", vint >= 0, vint);
 }
 
 static char *