Re: Current network-password-saving feature needs improvement.

Rashmi Agrawal said:

> A separate password is better than login password since one of the
> problems which comes up is intermediate password changing when the
> session is going on. Hence a separate password say master password
> is needed.

That's not a problem if you use PAM.  PAM can intercept all
password changes and re-encrypt the master password file.

Network transparency _IS_ a real issue, though.
Especially if you want to arrange things so that different
applications can only access "their" keys (so that a trojan
horse or buffer overflow in a user application
won't get _all_ the passwords; think of a web site with nasty
pages that causes the browser to run malicious code).
Perhaps there should be multiple ways of making the request -
a "local file" solution for non-GNOME applications, and a
CORBA (Orbit) interface that would support network transparency.

By the way, I've thought of a name for this thing...
the "Password Piggybank" (or just "piggybank" for short).
It's a little server that keeps your passwords safe.

--- David A. Wheeler
    dwheeler ida org

