Re: [guadec-list] Mango passwords and instructions?



On Fri, Jun 27, 2008 at 10:16:35AM -0400, Behdad Esfahbod wrote:
> How about simply writing a dotfile in the user's home dir.  Mango then
> reads that file, confirms that it's only readable by the user, checks that
> its modification time is recent, and accepts the contents as password.

Hm.. maybe a directory like /tmp. Not readable except for the Mango group and
the userid writing to it (+s IIRC). That would actually pretty much
work.. except it would make testing Mango locally harder ;)

> This is weaker than your approach as anyone compromising any GNOME
> machines will get access to everyone's Mango account.  However, both
> approaches suffer from the fact that a compromised SSH key gives access
> to user's Mango.

Yeah, but with a compromised SSH key it is acceptable that Mango is
compromised as well.

> Combine that with the fact that one of two major Mango requests is
> changing a lost key (the other being changing email address), I'm not
> sure using SSH keys for authentication is a good idea.

ATM yes, as Mango doesn't really do anything. But I plan to make it way
more important for maintainers.

> > At the same time, I don't know how to handle suid
> > stuff combined with Python... is that trustable? Can I 100% rely on
> > finding out the original userid? Plus I'd need to store it in the
> > database in a way that if the database is compromised, that they cannot
> > abuse it to get Mango privs... probably hashing some secret token I
> > guess.
> > 
> > I've tried the paramiko method, and it seems to work (not in Mango..
> > just hacked up test locally). I'll do something like that for now... it
> > is pretty easy to replace the login method in Mango.
> 
> How about (optional) OpenID?

There is no OpenID stored in Mango, so that is a no as primary method.
And IIRC OpenID stuff usually just has password as authentication (too
weak).

-- 
Regards,
Olav
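The dotfile handshake Behdad describes above (user writes a dotfile, the server confirms it is only readable by that user, checks the mtime is recent, and accepts the contents as the password), as an added example that is not part of this thread or of Mango's own code. It assumes the dotfile is named `.mango-token`, that a token older than five minutes is stale, and a POSIX system; the sample dotfiles it exercises are constructed inside a temp directory. It also covers two points the thread does not spell out: the metadata is checked with `fstat` on the already-open descriptor rather than a separate `stat`, and symlinks are refused with `O_NOFOLLOW`, so the file whose permissions were checked is the file actually read.

```python
import os
import stat
import time
import tempfile

# Assumption: a token written more than five minutes ago is stale.
MAX_AGE_SECONDS = 300
# Assumption: the dotfile the user writes is named .mango-token (hypothetical name).
TOKEN_NAME = ".mango-token"


class TokenError(Exception):
    """The dotfile exists but fails one of the acceptance checks."""


def check_token_stat(st, expected_uid, now, max_age=MAX_AGE_SECONDS):
    """Return None if the file metadata is acceptable, otherwise the reason for rejection.

    st is an os.stat_result.  Checks: regular file, owned by the expected uid,
    no group/other permission bits, mtime recent and not in the future.
    """
    if not stat.S_ISREG(st.st_mode):
        return "not a regular file"
    if st.st_uid != expected_uid:
        return "owned by another user"
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        return "group/other permission bits set"
    if st.st_mtime > now + 60:
        return "mtime is in the future"
    if now - st.st_mtime > max_age:
        return "token is stale"
    return None


def read_token(path, expected_uid, now=None, max_age=MAX_AGE_SECONDS):
    """Open the dotfile and return its contents as the token, or raise TokenError."""
    now = time.time() if now is None else now
    # O_NOFOLLOW: refuse to follow a symlink left in the dotfile's place, so the
    # read cannot be redirected to some other file the user did not write.
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags)
    try:
        # fstat on the open descriptor: the inode we checked is the inode we read,
        # so nothing can be swapped between a separate stat() and the open().
        reason = check_token_stat(os.fstat(fd), expected_uid, now, max_age)
        if reason is not None:
            raise TokenError(reason)
        data = os.read(fd, 4096)
    finally:
        os.close(fd)
    token = data.decode("utf-8").strip()
    if not token:
        raise TokenError("empty token")
    return token


def _outcome(path, uid):
    """Helper for demo(): the token on success, else the rejection reason."""
    try:
        return read_token(path, uid)
    except TokenError as exc:
        return str(exc)
    except OSError:
        return "open refused"


def demo():
    """Exercise the checks against constructed sample dotfiles in a temp directory."""
    uid = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as home:
        def write(name, mode, content="constructed-token-value\n"):
            p = os.path.join(home, name)
            with open(p, "w") as f:
                f.write(content)
            os.chmod(p, mode)
            return p

        good = write(TOKEN_NAME, 0o600)
        results["good"] = _outcome(good, uid)

        loose = write(TOKEN_NAME + ".loose", 0o644)  # readable by group/other
        results["loose"] = _outcome(loose, uid)

        stale = write(TOKEN_NAME + ".stale", 0o600)
        old = time.time() - 3600                     # written an hour ago
        os.utime(stale, (old, old))
        results["stale"] = _outcome(stale, uid)

        empty = write(TOKEN_NAME + ".empty", 0o600, content="\n")
        results["empty"] = _outcome(empty, uid)

        link = os.path.join(home, TOKEN_NAME + ".link")
        os.symlink(good, link)                       # symlink planted where the dotfile would be
        results["symlink"] = _outcome(link, uid)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:8s} -> {outcome}")
```

Running the module prints one line per constructed dotfile: only the 0600 file written just now yields its token; the world-readable, stale, empty and symlinked variants are each rejected with the reason shown. The freshness window is the only knob to tune; the ownership and mode checks are what make the scheme hold up against the "other users on the same machine" case the thread worries about.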
