Re: gnome-keyring Problems integrating DBus code into Gnome Keyring

From: David Woodhouse <dwmw2 infradead org>
To: Stef Walter <stefw collabora co uk>
Cc: "chrisrossimail gmail com" <chrisrossimail gmail com>, "gnome-keyring-list gnome org" <gnome-keyring-list gnome org>
Subject: Re: gnome-keyring Problems integrating DBus code into Gnome Keyring
Date: Mon, 13 Jun 2011 23:43:35 +0100

On Mon, 2011-06-13 at 16:40 +0100, David Woodhouse wrote:
> We'll take a look at how hard it would be to hack the Kerberos libraries
> (both of the popular implementations) to support that kind of 'hook'... 

I looked at the MIT krb5 implementation. It does support 'preauth'
modules which looked very promising at first, but on closer inspection I
don't think it will work. The problem is that the hooks are only
designed to handle *new* preauth types, not replace the ones for which
there are internal handlers. So it unconditionally tries its internal
handlers first, and those will fail unless they have the *actual*
password. If we do provide a module for the various password-based PA
types, it'll never get called.

So although I liked the idea of doing the TGT fetch outside gkr and just
using gkr for decrypting the session key, I think we are going to have
to do it from within a thread in gkr.

-- 
dwmw2

References:
- Re: gnome-keyring Problems integrating DBus code into Gnome Keyring
  - From: Stef Walter
- Re: gnome-keyring Problems integrating DBus code into Gnome Keyring
  - From: David Woodhouse
- Re: gnome-keyring Problems integrating DBus code into Gnome Keyring
  - From: Stef Walter
- Re: gnome-keyring Problems integrating DBus code into Gnome Keyring
  - From: David Woodhouse

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]