Re: [Evolution] login password



On Mon, 2011-01-17 at 14:08 -0600, Albert Wagner wrote: 
On 01/17/2011 11:32 AM, Adam Tauno Williams wrote:
On Mon, 2011-01-17 at 11:01 -0600, Albert Wagner wrote:
And I don't think you need to be particularly "experienced" with them to
let a program use keyrings - it's just an encrypted store of passwords.
My login password allows anyone with access to it, including evolution
developers, to perform actions requiring root permissions.
Er, what?? How do evolution developers have access to your password via
use of the keyring?  They don't, can't, and I suspect you don't
understand are keyrings work.
Absolutely right.  But I understand popups.
A popup message claims that evolution cannot access the keyring without 
the password used for logging in.  I automatically log in without 
entering my password.

By default it creates a keyring using your login password [via
integration with GDM?  I don't remember].  Just run Seahorse and change
your keyring password to anything you like.

Even if they did have your username and password, which they don't, how
would that allow "root" permissions?  Unless you are logging in as root,
which you shouldn't.
Not logged in as root.  But occasionally I use su and sudo.  Are those 
not available on your distribution?

gnome-su prompts don't typically same the root-password to the keyring
by default; so it doesn't really matter.

Anyway, on a Kerberos-enabled network [which I am], su/sudo are password
free - I don't get prompted for a password [one either has the privilege
to perform an operation or you don't].




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]