Re: gnome-keyring Obtaining a TGT without unrestricted access to password.

From: Russ Allbery <rra stanford edu>
To: David Woodhouse <dwmw2 infradead org>
Cc: Guido Günther <agx sigxcpu org>, stefw collabora co uk, krbdev mit edu, gnome-keyring-list gnome org
Subject: Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
Date: Wed, 15 Jun 2011 18:28:55 -0700

David Woodhouse <dwmw2 infradead org> writes:

> I'm trying to implement automatic renewal of Kerberos tickets during the
> lifetime of a user's session.

> The user's password is learned at login time and stored within the
> gnome-keyring dæmon.

Why don't you just obtain renewable tickets and renew them instead of
storing the password in memory?

> My second thought was that perhaps the keyring could be asked for the
> result of str2key on the password. That's not the actual *password*, at
> least. But I suspect that even that is still too sensitive to be handing
> it out?

It's completely equivalent to the password.

-- 
Russ Allbery (rra stanford edu)             <http://www.eyrie.org/~eagle/>

Follow-Ups:
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: JC Ferguson
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Guido =?iso-8859-1?Q?G=FCnther?=
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Stef Walter
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: David Woodhouse

References:
- gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: David Woodhouse

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]