On Wed, 2010-06-09 at 16:28 -0700, Dan Williams wrote: > I think it's clear that even if there are no user connections as such, > that we still need secrets on a per-user basis for some connections. > And that's not actually that hard to do, and we've got most of the code > written for that already. One more thought on that subject - not sure if it's a realistic concern or not. User secrets stored in gnome-keyring and equivalents are stored securely, in such a way that no other user (even root) can readily [1] obtain them. Can the same be done for user secrets stored at a system level, i.e preventing a privileged user on one system from stealing another user's credentials for a second system? My viewpoint on this is our workstations at work, where practically every developer has root access in order to do their job - that doesn't mean they should be able to bring up a VPN link to my system at home. [1] Yeah, I know that with enough work, a privileged user can get around that, patching NM binaries, etc. But that's no reason to make it easy... Simon.
Attachment:
signature.asc
Description: This is a digitally signed message part