Re: gnome-keyring Using gkr for Kerberos/NTLM single-sign-on handling



On Tue, 2011-04-26 at 19:17 +0200, Stef Walter wrote:
> On 04/26/11 19:01, David Woodhouse wrote:
> > We need to move to the model that Windows uses, where you log in using
> > your *local* password (which lets you unlock your home directory
> > encryption and gnome-keyring, etc.), and then something *notices* that
> > your local password no longer matches the network password and prompts
> > you to enter your new network password.
> > 
> > That "something" should almost certainly be part of gnome-keyring.
> 
> Certainly interesting, and could fit with gnome-keyring like you
> suggested. I have the following initial questions:
> 
>  1. Besides coordination of the login password, what other parts
>     are functionally dependent on gnome-keyring?

We use some stuff from egg/ for secure storage handling, and we re-use a
bunch of the gkr code for listening on a Unix socket and handling
requests. If we weren't incorporated into gkr then we'd have to run as a
*separate* dæmon for handling that. That's mostly it, I think.

>  2. What software dependencies would this add to gnome-keyring?

The NTLM bits are self-contained, so nothing added there.

It would optionally add linkage against krb5 client libraries, to handle
the Kerberos bits.

-- 
dwmw2


