Re: [Evolution] login password

On Mon, 2011-01-17 at 21:28 -0500, Adam Tauno Williams wrote:
On Mon, 2011-01-17 at 14:08 -0600, Albert Wagner wrote: 
On 01/17/2011 11:32 AM, Adam Tauno Williams wrote:
On Mon, 2011-01-17 at 11:01 -0600, Albert Wagner wrote:
And I don't think you need to be particularly "experienced" with them to
let a program use keyrings - it's just an encrypted store of passwords.
My login password allows anyone with access to it, including evolution
developers, to perform actions requiring root permissions.
Er, what?? How do evolution developers have access to your password via
use of the keyring?  They don't, can't, and I suspect you don't
understand are keyrings work.
Absolutely right.  But I understand popups.
A popup message claims that evolution cannot access the keyring without 
the password used for logging in.  I automatically log in without 
entering my password.

By default it creates a keyring using your login password [via
integration with GDM?  I don't remember].

Sort of.  It does it via PAM - i.e. when you login GDM authenticates
through PAM, that process also authenticates gnome-keyring and so
unlocks your passwords & keys.  It is neither required nor a default
action to do this: when gnome-keyring is setup it asks you what password
you want to use and whether you want to automatically unlock the keyring
when you login.

Even if they did have your username and password, which they don't, how
would that allow "root" permissions?  Unless you are logging in as root,
which you shouldn't.
Not logged in as root.  But occasionally I use su and sudo.  Are those 
not available on your distribution?

/bin/su always asks for the root password - sudo was only supposed to be
used to give users access to a specific small subset of commands they
may need to run as root - not be used to give passwordless root access
like in Ubuntu

Anyway, on a Kerberos-enabled network [which I am], su/sudo are password
free - I don't get prompted for a password [one either has the privilege
to perform an operation or you don't].

kerberised systems are very different ...


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]