Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
- From: Russ Allbery <rra stanford edu>
- To: David Woodhouse <dwmw2 infradead org>
- Cc: Guido Günther <agx sigxcpu org>, stefw collabora co uk, krbdev mit edu, gnome-keyring-list gnome org
- Subject: Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
- Date: Wed, 15 Jun 2011 18:28:55 -0700
David Woodhouse <dwmw2 infradead org> writes:
> I'm trying to implement automatic renewal of Kerberos tickets during the
> lifetime of a user's session.
> The user's password is learned at login time and stored within the
> gnome-keyring dæmon.
Why don't you just obtain renewable tickets and renew them instead of
storing the password in memory?
> My second thought was that perhaps the keyring could be asked for the
> result of str2key on the password. That's not the actual *password*, at
> least. But I suspect that even that is still too sensitive to be handing
> it out?
It's completely equivalent to the password.
Russ Allbery (rra stanford edu) <http://www.eyrie.org/~eagle/>
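
The point about str2key in the reply above, as an added example that is not part of the original message: a simplified model in which the client never presents the password itself, only a proof computed from the derived key, so whoever holds the key can authenticate just as well. Assumptions: only the PBKDF2 stage of the RFC 3962 string-to-key is implemented (the final DK step is omitted), an HMAC stands in for the real encrypted-timestamp pre-authentication, and the salt, password, timestamp and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ITERATIONS = 4096  # default iteration count in RFC 3962


def str2key_stage(password: str, salt: str) -> bytes:
    """PBKDF2-HMAC-SHA1 stage of the RFC 3962 string-to-key (DK step omitted)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt.encode(),
                               ITERATIONS, 32)


def preauth_proof(key: bytes, timestamp: int) -> bytes:
    """Assumed stand-in for encrypted-timestamp pre-auth: a MAC over the time."""
    return hmac.new(key, struct.pack(">Q", timestamp), hashlib.sha256).digest()


def kdc_accepts(stored_key: bytes, timestamp: int, proof: bytes) -> bool:
    """KDC side: it holds only the long-term key and checks the proof against it."""
    return hmac.compare_digest(preauth_proof(stored_key, timestamp), proof)


# Constructed sample values, not taken from the thread.
SALT = "EXAMPLE.COMalice"          # realm + principal name, the default salt shape
PASSWORD = "correct horse battery staple"
KDC_KEY = str2key_stage(PASSWORD, SALT)


def login_with_password(password: str, timestamp: int) -> bytes:
    """Normal client path: the password is only ever used to derive the key."""
    return preauth_proof(str2key_stage(password, SALT), timestamp)


def login_with_key_only(key: bytes, timestamp: int) -> bytes:
    """Path open to anything handed the str2key output: no password needed."""
    return preauth_proof(key, timestamp)


if __name__ == "__main__":
    ts = 1308187735  # constructed timestamp
    print("password path accepted:",
          kdc_accepts(KDC_KEY, ts, login_with_password(PASSWORD, ts)))
    print("key-only path accepted:",
          kdc_accepts(KDC_KEY, ts, login_with_key_only(KDC_KEY, ts)))
```

In this model, handing out the derived key instead of the password protects only against reuse of the same password under a different salt or in a non-Kerberos system.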