Re: gnome-keyring Obtaining a TGT without unrestricted access to password.

From: Simo Sorce <simo redhat com>
To: Russ Allbery <rra stanford edu>
Cc: Guido G?nther <agx sigxcpu org>, David Woodhouse <dwmw2 infradead org>, gnome-keyring-list gnome org, krbdev mit edu, stefw collabora co uk
Subject: Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
Date: Thu, 16 Jun 2011 11:21:29 -0400

On Thu, 2011-06-16 at 08:10 -0700, Russ Allbery wrote:
> For example, our ticket lifetime is 25 hours and our renewable
> lifetime is
> 14 days.  I actually want our users to have to re-enter their password
> every 14 days, or rather, I want the person who stole their laptop to
> have
> full use of their account for at most 14 days after the point at which
> they stole it, even if they don't tell us about that. 

Purpose that is defeated if someone stores the password in clear text,
in a way that the user can query it, or not in kernel protected
memory ... like gnome-keyring does ...

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

Follow-Ups:
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Russ Allbery

References:
- gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: David Woodhouse
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Russ Allbery
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Guido =?iso-8859-1?Q?G=FCnther?=
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: David Woodhouse
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Roland C. Dowdeswell
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: David Woodhouse
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Russ Allbery

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]