Re: gnome-keyring Obtaining a TGT without unrestricted access to password.

From: Stef Walter <stefw collabora co uk>
To: Russ Allbery <rra stanford edu>
Cc: Gui, do Günther <agx sigxcpu org>, David Woodhouse <dwmw2 infradead org>, gnome-keyring-list gnome org, krbdev mit edu
Subject: Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
Date: Thu, 16 Jun 2011 08:54:55 +0100

On 06/16/2011 02:28 AM, Russ Allbery wrote:
>> David Woodhouse <dwmw2 infradead org> writes:
>> > The user's password is learned at login time and stored within the
>> > gnome-keyring dæmon.
> Why don't you just obtain renewable tickets and renew them instead of
> storing the password in memory?

That sounds interesting. Do you have pointers to how this works? I'm not
that familiar with Kerberos, so please bear with me :)

BTW, a nice future goal of gnome-keyring is to just have a set of hashes
of the login password in memory, each of which could be used for various
purposes, rather than storing the password in memory itself.

Among other things, this would require some file format changes for the
keyring files,

Cheers,

Stef

Follow-Ups:
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Russ Allbery

References:
- gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: David Woodhouse
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Russ Allbery

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]