Re: Current network-password-saving feature needs improvement.



On Fri 2002-07-19 at 14.10, Rashmi Agrawal wrote:

> GDM can be used to start the secret key server while logging in for one
> time master password prompt.
> But the disadvantage of this is that even if the user doesn't want to use
> the services, he still needs to give the
> master passwd which is not required. Rather, the server could be started
> when any of the services is used for
> the first time. From then on, if the secret key server is already
> running, it would not be started again.

The user shouldn't be prompted for the password unless it's needed. The
daemon can be launched by GDM or gnome-session but have the keychain
locked until it's unlocked by the user giving the password.

I guess what they do in Mac OS is use the same password for the
default keychain as for the login so that when you log in you
automatically unlock the default keychain.

When an application wants access to a certain key the keychain manager
searches all open keychains to see if the key exists in any of them. If
it does, it checks if the application is trusted to get the key; if not,
it asks the user something like: "Application X wants access to KEY in
keychain KEYCHAIN". If it's not in any of the unlocked keychains it
looks for them in the unlocked keychains, if it's found the user is
prompted for the password with something like: "Application X wants
access to KEY which is in keychain KEYCHAIN, if you want to give it
access you need to unlock the keychain by typing your password"...

If we don't want GDM or gnome-session to start the daemon it can be
started when first needed. This can be done by bonobo-activation.

Regards,
  Mikael Hallendal

-- 
Mikael Hallendal                micke codefactory se
CodeFactory AB                  http://www.codefactory.se/
Office: +46 (0)8 587 583 05     Cell: +46 (0)709 718 918
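
The lookup flow described in the message above, modelled as an added example; it is not part of the original post and is not GNOME or Mac OS code. It assumes the second search runs over the locked keychains and that a correct password counts as consent for that one request; all class and function names are hypothetical.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class Keychain:
    name: str
    password: str   # model only: a real store would derive a key, not keep this
    keys: dict      # key name -> secret
    trusted: dict = field(default_factory=dict)  # key name -> set of app names
    locked: bool = True

class KeychainManager:
    def __init__(self, keychains, confirm, ask_password):
        self.keychains = keychains
        self.confirm = confirm            # confirm(app, key, keychain) -> bool
        self.ask_password = ask_password  # ask_password(app, key, keychain) -> str or None

    def get_key(self, app, key):
        # Pass 1: unlocked keychains. No password prompt is ever shown here.
        for kc in self.keychains:
            if not kc.locked and key in kc.keys:
                if app in kc.trusted.get(key, set()) or self.confirm(app, key, kc.name):
                    return kc.keys[key]
                return None  # user refused the untrusted application
        # Pass 2 (assumed): locked keychains. The password is requested only now.
        for kc in self.keychains:
            if kc.locked and key in kc.keys:
                pw = self.ask_password(app, key, kc.name)
                if pw is None or not hmac.compare_digest(pw.encode(), kc.password.encode()):
                    return None  # keychain stays locked
                kc.locked = False
                return kc.keys[key]
        return None  # key unknown to every keychain

def demo():
    prompts = []  # constructed record of every dialog the user would see
    def confirm(app, key, kc):
        prompts.append(("confirm", app, key, kc))
        return app != "untrusted-app"
    def ask_password(app, key, kc):
        prompts.append(("password", app, key, kc))
        return "work-pw"
    # Constructed sample data: "login" was unlocked at login, "work" is still locked.
    login = Keychain("login", "login-pw", {"imap": "s3cret"}, {"imap": {"mail-client"}}, locked=False)
    work = Keychain("work", "work-pw", {"vpn": "hunter2"})
    mgr = KeychainManager([login, work], confirm, ask_password)
    results = [mgr.get_key("mail-client", "imap"), mgr.get_key("untrusted-app", "imap"),
               mgr.get_key("vpn-tool", "vpn"), mgr.get_key("vpn-tool", "missing")]
    return results, prompts, work.locked
```
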


