Re: gnome-keyring Obtaining a TGT without unrestricted access to password.

From: Stef Walter <stefw collabora co uk>
To: Guido Günther <agx sigxcpu org>
Cc: Russ Allbery <rra stanford edu>, David Woodhouse <dwmw2 infradead org>, gnome-keyring-list gnome org, krbdev mit edu
Subject: Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
Date: Thu, 16 Jun 2011 08:51:42 +0100

On 06/16/2011 07:44 AM, Guido Günther wrote:
> I'm not sure if this is what David wants to achieve but if so couldn't
> we just move the auth part of krb5-auth-dialog into gkr keeping the
> notification parts and plugins of krb5-auth-dialog separate? We could
> then use krb5_get_init_creds_password with our own prompter and use the
> password if available.

Pretty much because I'd like to try (if at all possible) to keep
gnome-keyring as a password/secret/key-storage-daemon. Rather than a
contact-remote-hosts-and-get-involved-in-porotocols daemon.

At this point it's unclear if we can factor out the password
hashing/challenge-response stuff from kerberos and just put those
algorithms in the daemon. But it's worth trying to make it work. Hence
David's email.

Cheers,

Stef

References:
- gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: David Woodhouse
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Russ Allbery
- Re: gnome-keyring Obtaining a TGT without unrestricted access to password.
  - From: Guido =?iso-8859-1?Q?G=FCnther?=

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]