Re: gnome-keyring kerying - unlocks if I change or remove the password in /etc/shadow?

From: Stef Walter <stefw collabora co uk>
To: Marek Andreánsky <marek andreansky sk>
Cc: "gnome-keyring-list gnome org" <gnome-keyring-list gnome org>
Subject: Re: gnome-keyring kerying - unlocks if I change or remove the password in /etc/shadow?
Date: Thu, 17 Mar 2011 10:37:48 +0100

BTW, gnome-keyring-list gnome org is a good place to send or CC these
sorts of questions.

On 03/16/2011 04:37 PM, Marek Andreánsky wrote:
> Thanks for the info, will try it later and see how it works (don't doubt
> you but better to double check :).
> And what happens when I change or remove that users password when he is
> still logged in and then try to log in using the new pass? Will the
> existing user get a pop up from the keyring that his pass has been
> changed and he needs to retype his old password ? 

It depends how the password is changed. If it's changed via PAM, and the
user's old password is entered, then the keyring will change the
password automatically. The active user may get prompted at some point
though. It may be good to test.

> What about the potential hacker, if he logs in while that user is still
> logged in, the keyring will probably ask the old pass, right? 

If a hacker gets access to the user's active session, then it's game over.

http://live.gnome.org/GnomeKeyring/SecurityPhilosophy

> Can two instances of the same keyring (belong to the same user, same
> login password) run on a single pc?

In general, yes, but there may be some corner cases that don't work.

Cheers,

Stef

References:
- gnome-keyring kerying - unlocks if I change or remove the password in /etc/shadow?
  - From: =?ISO-8859-1?Q?Marek_Andre=E1nsky?=
- Re: gnome-keyring kerying - unlocks if I change or remove the password in /etc/shadow?
  - From: Stef Walter

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]