Re: Automatically unlock your gnome-keyring keyring on login



Wouter Bolsterlee wrote:
> On 2007-07-23 at 19:27, Stef Walter wrote:
>> http://live.gnome.org/GnomeKeyring/Pam
> 
> How is this fundamentally different from what libpam-keyring does?

It's obviously inspired by pam_keyring (which I alluded to in my
previous email).

Most importantly:

1. Not having this as part of gnome-keyring and thus a
   part of the default install of your average distro
   made GNOME look kinda stupid to the average user:
   "I have to enter my password again? Give me a break!"

And less importantly:

2. It only starts gnome-keyring-daemon when necessary, so
   it can be used to unlock keyrings when the user types
   their screensaver password. [1]

3. It tracks the password changes of the user as best it
   can [2], and changes the keyring password to match.

4. It always operates on a single 'login' keyring. Other
   keyrings, if the user has any, can have their
   unlocking slaved to that one (with a simple check of
   a checkbox).

5. It's LGPL so it avoids the gray area of loading a GPL
   shared library into non-GPL applications.

6. It doesn't use glib or any special libraries in the PAM
   module, thus avoiding linker conflicts in PAM-using
   processes.

For more details, see that link:
http://live.gnome.org/GnomeKeyring/Pam

Cheers,
Stef Walter


[1] The keyrings should be locked on hibernate (otherwise all the user's
secrets get written in plaintext to the disk, i.e.: why are we encrypting
at all).

[2] Some tools like gnome-system-tools munge /etc/shadow manually
instead of going through PAM :(



