Re: GNOME keyring unlocking
- From: p10 <pditchev gmail com>
- To: Simon McVittie <simon mcvittie collabora co uk>
- Cc: desktop-devel-list gnome org
- Subject: Re: GNOME keyring unlocking
- Date: Thu, 10 Oct 2013 14:26:13 +0300
Thanks for the explanation , so the problem is not trivial . But it
still stands - people are setting empty passwords to avoid entering a
password every time + the auto-login option becomes practically obsolete
when using the keyring. So where do I further the discussion on that - a
bug , a blueprint ?
Petko
On Thu, 2013-10-10 at 11:33 +0100, Simon McVittie wrote:
On 10/10/13 11:13, p10 wrote:
autologin doesn't unlock the keyring . I think I
understand more or less why that's happening
The reason is: libpam-gnome-keyring needs your password to decrypt the
keyring. Without your password, it just doesn't have enough information.
Now my first question is - how does GDM store the password to autologin
a specific user
It doesn't. GDM (or at least, enough of GDM) is a privileged process
running as root with full capabilities, and can do whatever it has been
configured to do, including changing its uid to you without asking for a
password first.
Login processes *usually* prompt for, and check, an "ordinary password"
first - but that's not required. They can equally well use a
one-time-password scheme like OATH[1], query a fingerprint reader[2], or
just say "yes" regardless[3]. When GDM has been configured to
auto-login, its policy for that user's login is "just say yes".
when AFAIK the kernel handles user login services
The kernel doesn't handle user login services (at least, not on typical
Unix OSs like Linux and *BSD). The kernel allows processes with
appropriate capabilities[4] to become another user. That's all gdm has
to do.
S
[1] more secure than ordinary passwords
[2] not actually very secure
[3] not at all secure
[4] approximately "running as root", although on a modern system,
Linux capabilities (POSIX.1e draft capabilities) are also involved
_______________________________________________
desktop-devel-list mailing list
desktop-devel-list gnome org
https://mail.gnome.org/mailman/listinfo/desktop-devel-list
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
