Re: [gnome-love] gnome-keyring and PAM

From: Alexander Larsson <alexl redhat com>
To: Fernando Herrera <fherrera onirica com>
Cc: "mike flyn org" <mike flyn org>, gnome-love gnome org
Subject: Re: [gnome-love] gnome-keyring and PAM
Date: Thu, 27 May 2004 08:11:58 -0000

On Thu, 2004-05-27 at 01:36, Fernando Herrera wrote:

Wed, May 26, 2004 at 04:22:28PM -0500, mike flyn org escribió:

Would it make sense to write a PAM module that unlocks the default keyring
automatically when a user logs in using the user's system authentication
token?  I have experience programming with PAM and may be interested in
implementing this.


      Each gnome keyring is encrypted using the keyring master
password, so if we want to automatically unlock them we would need to
store master passwords somewhere unencrypted, and I think we don't want
it.


The MacosX keychain api does something similar to this. 
See for instance:
http://developer.apple.com/documentation/Security/Conceptual/keychainServConcepts/02concepts/chapter_2_section_1.html
 By default, each Mac OS X login account has one keychain (for a new 
 login on Mac OS X v10.3, this keychain is named login.keychain); 
 however, a user or application can create as many keychains as 
 desired. The login keychain is automatically unlocked during login 
 if it has the same password as the user’s login account password.

Somehow when you log in they save the password entered and try to use
that to unlock your keychain. I'm not sure how this is done though, or
if/how we could do it.

On a semi-related note, has there been any talk about making a
gnome-keyring-like desktop-independent interface and creating a
freedesktop.org standard out of it?  It seems like the gnome-keyring/KWallet
backends would be great candidates for a merged standard.


      I don't know. But gnome-keyring only depends on glib for the
core and on gtk+ for the asking dialogs. Maybe we could have different
asking dialogs per desktop and use only one core. I don't have idea
about how KWallet works.


Having a common system would be nice, but since both gnome and kde
already have deployed systems its probably gonna be pretty painful to
get both to switch to a common system.

KWallet is not entierly different from gnome-keyring, but on the other
hand its not exactly the same either.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's an impetuous neurotic messiah with a secret. She's a hard-bitten 
cat-loving hooker prone to fits of savage, blood-crazed rage. They fight 
crime!

References:
- [gnome-love] gnome-keyring and PAM
  - From: mike flyn org
- Re: [gnome-love] gnome-keyring and PAM
  - From: Fernando Herrera

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]