Re: gnome-keyring Obtaining a TGT without unrestricted access to password.

Simo Sorce <simo redhat com> writes:

> Purpose that is defeated if someone stores the password in clear text,
> in a way that the user can query it, or not in kernel protected memory
> ... like gnome-keyring does ...

Indeed.  Which is why in the long run we're looking at other preauth
mechanisms to require things like multifactor authentication, which will
continue to work well with the desired behavior if one uses renewable
tickets, but which will completely break (intentionally) what's otherwise
being discussed here....

Russ Allbery (rra stanford edu)             <>

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]