Re: [gnome-love] gnome-keyring and PAM
- From: Alexander Larsson <alexl redhat com>
- To: Fernando Herrera <fherrera onirica com>
- Cc: "mike flyn org" <mike flyn org>, gnome-love gnome org
- Subject: Re: [gnome-love] gnome-keyring and PAM
- Date: Thu, 27 May 2004 08:11:58 -0000
On Thu, 2004-05-27 at 01:36, Fernando Herrera wrote:
Wed, May 26, 2004 at 04:22:28PM -0500, mike flyn org escribió:
Would it make sense to write a PAM module that unlocks the default keyring
automatically when a user logs in using the user's system authentication
token? I have experience programming with PAM and may be interested in
implementing this.
Each gnome keyring is encrypted using the keyring master
password, so if we want to automatically unlock them we would need to
store master passwords somewhere unencrypted, and I think we don't want
it.
The MacosX keychain api does something similar to this.
See for instance:
http://developer.apple.com/documentation/Security/Conceptual/keychainServConcepts/02concepts/chapter_2_section_1.html
By default, each Mac OS X login account has one keychain (for a new
login on Mac OS X v10.3, this keychain is named login.keychain);
however, a user or application can create as many keychains as
desired. The login keychain is automatically unlocked during login
if it has the same password as the user’s login account password.
Somehow when you log in they save the password entered and try to use
that to unlock your keychain. I'm not sure how this is done though, or
if/how we could do it.
On a semi-related note, has there been any talk about making a
gnome-keyring-like desktop-independent interface and creating a
freedesktop.org standard out of it? It seems like the gnome-keyring/KWallet
backends would be great candidates for a merged standard.
I don't know. But gnome-keyring only depends on glib for the
core and on gtk+ for the asking dialogs. Maybe we could have different
asking dialogs per desktop and use only one core. I don't have idea
about how KWallet works.
Having a common system would be nice, but since both gnome and kde
already have deployed systems its probably gonna be pretty painful to
get both to switch to a common system.
KWallet is not entierly different from gnome-keyring, but on the other
hand its not exactly the same either.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl redhat com alla lysator liu se
He's an impetuous neurotic messiah with a secret. She's a hard-bitten
cat-loving hooker prone to fits of savage, blood-crazed rage. They fight
crime!
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]