Re: gnome-keyring Obtaining a TGT without unrestricted access to password.

David Woodhouse <dwmw2 infradead org> writes:

> I'm trying to implement automatic renewal of Kerberos tickets during the
> lifetime of a user's session.

> The user's password is learned at login time and stored within the
> gnome-keyring dæmon.

Why don't you just obtain renewable tickets and renew them instead of
storing the password in memory?

> My second thought was that perhaps the keyring could be asked for the
> result of str2key on the password. That's not the actual *password*, at
> least. But I suspect that even that is still too sensitive to be handing
> it out?

It's completely equivalent to the password.

Russ Allbery (rra stanford edu)             <>

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]