Re: gnome-keyring Obtaining a TGT without unrestricted access to password.



On Thu, Jun 16, 2011 at 10:49 AM, Roland C. Dowdeswell <elric imrryr org> wrote:
> How about the prevalence of userland programs that presume that
> the presentation of a user's passwd indicates that the user is
> actually sitting in front of the keyboard?  There are many programs
> that will intentionally reprompt for a user's passwd to perform
> administrative or high risk activities.  Examples that come to mind
> are kadmin, kpasswd, sudo.  This model is also used in enterprises
> for high risk business transactions (frequently with pressure from
> regulators).
>
> How does one square away the storing of a passwd in memory against
> this existing prevalent use case?  Other than simply transitioning
> to OTP in order to defeat it?

You either ignore this problem or you use OTP or PKINIT with
non-extractable private keys stored in smartcards.

Nico
--

