Re: gnome-keyring Obtaining a TGT without unrestricted access to password.

From: Russ Allbery <rra stanford edu>
To: Simo Sorce <simo redhat com>
Cc: Guido G?nther <agx sigxcpu org>, David Woodhouse <dwmw2 infradead org>, gnome-keyring-list gnome org, krbdev mit edu, stefw collabora co uk
Subject: Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
Date: Thu, 16 Jun 2011 08:23:59 -0700

Simo Sorce <simo redhat com> writes:

> Purpose that is defeated if someone stores the password in clear text,
> in a way that the user can query it, or not in kernel protected memory
> ... like gnome-keyring does ...

Indeed.  Which is why in the long run we're looking at other preauth
mechanisms to require things like multifactor authentication, which will
continue to work well with the desired behavior if one uses renewable
tickets, but which will completely break (intentionally) what's otherwise
being discussed here....

-- 
Russ Allbery (rra stanford edu)             <http://www.eyrie.org/~eagle/>

References:
- gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: David Woodhouse
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Russ Allbery
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Guido =?iso-8859-1?Q?G=FCnther?=
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: David Woodhouse
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Roland C. Dowdeswell
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: David Woodhouse
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Russ Allbery
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Simo Sorce

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]