Re: Automatically unlock your gnome-keyring keyring on login

Wouter Bolsterlee wrote:
> 2007-07-23 klockan 19:27 skrev Stef Walter:
> How is this fundamentally different from what libpam-keyring does?

It's obviously inspired by pam_keyring (which I alluded to in my
previous email).

Most importantly:

1. Not having this as part of gnome-keyring and thus a
   part of the default install of your average distro
   made GNOME look kinda stupid to the average user:
   "I have to enter my password again? Give me a break!"

And less importantly:

2. It only starts gnome-keyring-daemon when necessary, so
   it can be used to unlock keyrings when the user types
   their screensaver password. [1]

3. It tracks the password changes of the user as best it
   can [2], and changes the keyring password to match.

4. It always operates on a single 'login' keyring. In the
   case of other keyrings, if the user has any, can have
   their unlocking slaved to that one (with a simple
   check of a checkbox).

5. It's LGPL so it avoids the gray area of loading a GPL
   shared library into non-GPL applications.

6. It doesn't use glib or any special libraries in the PAM
   module, thus avoiding linker conflicts in PAM using

For more details, see that link:

Stef Walter

[1] The keyrings should be locked on hibernate, (otherwise all the users
secrets get written in plaintext to the disk, ie: why are we encrypting
at all).

[2] Some tools like gnome-system-tools munge /etc/shadow manually
instead of going through PAM :(

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]