Re: [gnome-love] gnome-keyring and PAM

From: "W. Michael Petullo" <mike flyn org>
To: gnome-love gnome org
Subject: Re: [gnome-love] gnome-keyring and PAM
Date: Wed, 26 May 2004 19:31:58 -0500

Would it make sense to write a PAM module that unlocks the default keyring
automatically when a user logs in using the user's system authentication
token?  I have experience programming with PAM and may be interested in
implementing this.


      Each gnome keyring is encrypted using the keyring master
password, so if we want to automatically unlock them we would need to
store master passwords somewhere unencrypted, and I think we don't want
it.


In my proposed scenario the master password would not be stored encrypted
anywhere on disk.  When a user logs in he enters his password.  PAM uses
this password to 1) authenticate the user and 2) unlock the gnome keyring.
The only place the unencrypted password will be is in memory just as it
is now.

If some type of physical token or otherwise sophisticated system
authenticator is used then it may also be used to unlock the gnome
keyring.

-- 
Mike

:wq

References:
- [gnome-love] gnome-keyring and PAM
  - From: mike flyn org
- Re: [gnome-love] gnome-keyring and PAM
  - From: Fernando Herrera

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]