Re: Porposing libgnomesu for 2.10

John McCutchan wrote:

Could we get similar behavior to RedHat's pam_timestamp by using
gnome-keyring to store the password for a certain amount of time?
You could, but it wouldn't be secure. While the keyring is unlocked, any application could read the root password. Any scheme of that sort will be difficult/impossible to secure.

With pam_timestamp and sudo, it doesn't store the root password between invocations -- instead it stores timestamp files in a directory the user can't write to. If the timestamp is sufficiently recent it doesn't prompt for the password.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]