Re: [guadec-list] Mango passwords and instructions?

From: Behdad Esfahbod <behdad behdad org>
To: Olav Vitters <olav bkor dhs org>
Cc: gnome-sysadmin gnome org, gnome-infrastructure gnome org, guadec-list <guadec-list gnome org>
Subject: Re: [guadec-list] Mango passwords and instructions?
Date: Fri, 27 Jun 2008 10:16:35 -0400

On Fri, 2008-06-27 at 16:02 +0200, Olav Vitters wrote:
> On Fri, Jun 27, 2008 at 09:20:05AM -0400, Behdad Esfahbod wrote:
> > On Thu, 2008-06-26 at 19:42 +0200, Olav Vitters wrote:
> > > 
> > > Only annoying part is the script for the user. It should be simple
> > > enough so that people trust the working. But at the same time, some
> > > GUI is likely needed (?).. but that would make it complicated.
> > > Note that fetching private keys from the ssh agent is trivial.
> > 
> > How about something like showing people a page saying:
> > 
> > "Please run the following command and follow instructions given there:
> > 
> >   echo "blah blah blah some rand word" | ssh auth.gnome.org
> > 
> > The auth.gnome.org then gives them a password they can use to login
> > withing the next 10 minutes.
> 
> Actually not sure how to implement something like that. Users should not
> be able to retrieve any private Mango information. So they should not
> just be able to run a script under their userid and get access to
> private Mango info.

How about that simply write a dotfile in user's home dir.  Mango then
reads that file, confirms that it's only readable by user.  Checks that
it's modification time is recent, and accepts the contents as password.

This is weaker than your approach as anyone compromising any GNOME
machines will get access to everyone's Mango account.  However, both
approaches suffer from the fact that a compromised SSH key gives access
to user's Mango.

Combine that with the fact that one of two major Mango requests is
changing a lost key (the other being changing email address), I'm not
sure using SSH keys for authentication is a good idea.

> At the same time, I don't know how to handle suid
> stuff combined with Python... is that trustable? Can I 100% rely on
> finding out the original userid? Plus I'd need to store it in the
> database in a way that if the database is compromised, that they cannot
> abuse it to get Mango privs... probably hashing some secret token I
> guess.
> 
> I've tried the paramiko method, and it seems to work (not in Mango..
> just hacked up test locally). I'll do something like that for now... it
> is pretty easy to replace the login method in Mango.

How about (optional) OpenID?

-- 
behdad
http://behdad.org/

"Those who would give up Essential Liberty to purchase a little
 Temporary Safety, deserve neither Liberty nor Safety."
        -- Benjamin Franklin, 1759

Follow-Ups:
- Re: [guadec-list] Mango passwords and instructions?
  - From: Olav Vitters

References:
- Re: [guadec-list] Mango passwords and instructions?
  - From: Baris Cicek
- Re: [guadec-list] Mango passwords and instructions?
  - From: =?ISO-8859-1?Q?Germ=E1n_Po=F3-Caama=F1o?=
- Re: [guadec-list] Mango passwords and instructions?
  - From: Olav Vitters
- Re: [guadec-list] Mango passwords and instructions?
  - From: Behdad Esfahbod
- Re: [guadec-list] Mango passwords and instructions?
  - From: Olav Vitters
- Re: [guadec-list] Mango passwords and instructions?
  - From: Behdad Esfahbod
- Re: [guadec-list] Mango passwords and instructions?
  - From: Olav Vitters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]