"Single sign-on" for the Gnome keyring
- From: Fredrik Tolf <fredrik dolda2000 com>
- To: gnome-devel-list gnome org
- Subject: "Single sign-on" for the Gnome keyring
- Date: Sat, 05 Aug 2006 19:35:49 +0200
I don't know if this is the right list to post this to, so please
correct me if I'm wrong.
Anyway, I borrowed a laptop from a friend (to fix a couple of problems
with it), using Ubuntu with Gnome 2.14 and NetworkManager. As you
probably know, NetworkManager's Gnome applet uses the Gnome keyring to
save WEP and WPA keys. Because of this, one has to unlock the keyring to
be able to connect to a network.
I found the following situation quite annoying. As soon as one logs into
Gnome (normally using a login password), one immediately has to unlock
the keyring as well, normally using the same password (does anyone use a
different password for login and the keyring?). Not a great deal, but
one shouldn't have to enter one's password twice in a row.
So I got this idea. How about writing a PAM module which would make a
crypto key from the login password (in a similar manner to how
gnome-keyring-daemon already does, but with the login password) and
store it in the Linux kernel's keyring utility (as introduced with, what
was it, 2.6.12?), and then having gnome-keyring-daemon use it instead of
asking for a password? A kind of SSO for the keyring, that is.
I've thought through the following considerations:
* Security is the same -- it's easy to extract the key from the
kernel's keyring, but so is extracting gnome-keyring-daemon's key using
ptrace. In both cases, it's stored in RAM, so it will disappear upon
system shutdown/crash or user logout.
* A layer of indirection has to be used, in case the user changes his
password. There will have to be a main key, which is encrypted with the
password-generated key, and when the login password is changed, the main
key will be reencrypted.
* The indirection layer will also provide a framework to solve
password-less logins or two-factor authentication, precisely because the
main key is fetched indirectly.
I'm fully intending to do this work myself. I'd just like to hear any
opinions about this scheme or any weaknesses spotted. Anyone?
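The indirection layer proposed above (password-derived key, wrapped main key, secrets sealed under the main key, re-wrap on password change), worked through as an added example. This is not code from the post, from gnome-keyring or from any PAM module; it models the design in the standard library only. The kernel session keyring is stood in for by a dict (a real PAM module would use add_key()/keyctl on the session keyring), the function names (create_keyring, session_login, unlock, change_password) are hypothetical, the PBKDF2 iteration count is an arbitrary assumption, and the seal/unseal routine is an HMAC-SHA256 counter-mode stream plus an HMAC tag so the script runs offline; a real daemon would use an AEAD such as AES-GCM. The sample secret is constructed.

```python
"""Password-derived key -> wrapped main key -> sealed secrets.

Added example (not code from the post or from gnome-keyring).  Function
names are hypothetical; the kernel keyring is modelled as a dict.
"""
import hashlib
import hmac
import os
import struct

KDF_ITERATIONS = 100_000  # assumption: tune to the target machine


def derive_password_key(password: str, salt: bytes) -> bytes:
    """The key a PAM module would compute from the login password at login time."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               KDF_ITERATIONS, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting; ValueError on a wrong key or tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or corrupted keyring")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


# On-disk keyring state: salt, main key wrapped under the password key, secrets under main key.
def create_keyring(password: str) -> dict:
    salt = os.urandom(16)
    main_key = os.urandom(32)  # long-lived; never derived from the password itself
    return {"salt": salt,
            "wrapped_main_key": seal(derive_password_key(password, salt), main_key),
            "secrets": {}}


def session_login(keyring: dict, password: str) -> dict:
    """What the proposed PAM module does: derive the key and park it in the session keyring."""
    return {"gnome-keyring-unlock-key": derive_password_key(password, keyring["salt"])}


def unlock(keyring: dict, session_keyring: dict) -> bytes:
    """What the daemon does instead of prompting: unwrap the main key with the session key."""
    return unseal(session_keyring["gnome-keyring-unlock-key"], keyring["wrapped_main_key"])


def store_secret(keyring: dict, main_key: bytes, name: str, value: bytes) -> None:
    keyring["secrets"][name] = seal(main_key, value)


def read_secret(keyring: dict, main_key: bytes, name: str) -> bytes:
    return unseal(main_key, keyring["secrets"][name])


def change_password(keyring: dict, old_password: str, new_password: str) -> None:
    """Re-wrap the main key only; stored secrets are untouched."""
    main_key = unseal(derive_password_key(old_password, keyring["salt"]),
                      keyring["wrapped_main_key"])
    keyring["salt"] = os.urandom(16)
    keyring["wrapped_main_key"] = seal(derive_password_key(new_password, keyring["salt"]), main_key)


def demo():
    keyring = create_keyring("correct horse")
    main_key = unlock(keyring, session_login(keyring, "correct horse"))
    store_secret(keyring, main_key, "wpa-psk:homenet", b"constructed-sample-psk")  # constructed
    change_password(keyring, "correct horse", "battery staple")
    try:
        unlock(keyring, session_login(keyring, "correct horse"))
        old_rejected = False
    except ValueError:
        old_rejected = True
    new_key = unlock(keyring, session_login(keyring, "battery staple"))
    return old_rejected, new_key == main_key, read_secret(keyring, new_key, "wpa-psk:homenet")


if __name__ == "__main__":
    print(demo())
```

The point the post makes about indirection shows up in change_password(): only the wrapped main key and its salt are rewritten, so a two-factor or password-less login path would simply supply the 32-byte unwrap key by some other route while the stored secrets stay as they are. Note that the salt has to live in the keyring file where the PAM module can read it, which means the module runs with the user's home directory available at session-open time.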