Re: gnome-keyring Obtaining a TGT without unrestricted access to password.



On 06/16/2011 02:04 AM, David Woodhouse wrote:
> My second thought was that perhaps the keyring could be asked for the
> result of str2key on the password. That's not the actual *password*, at
> least. But I suspect that even that is still too sensitive to be handing
> it out?

As long as it's not reversible in the general case, this may be part of
a solution. What we really care about protecting is the plaintext
password, because it is used for all sorts of other things.

If the result of str2key can *only* be used to log into a Kerberos
network (and cannot be reversed into the plain text), then it's by
definition less sensitive than the plain text password.

From a quick look at the code, this appears to be the case. But it would
need an expert opinion to make sure this is the right assumption.

Cheers,

Stef

