Bug#532088: libpam-gnome-keyring: Dont be selfish unlock gnome-keyring for other auth methods.
Josselin Mouette
joss at debian.org
Sun Jun 7 07:30:32 UTC 2009
Le samedi 06 juin 2009 à 12:32 +0200, Mateusz Kaduk a écrit :
> In current state libpam-gnome-keyring can unlock gnome-keyring only on password authentication.
> This is completly wrong since there might be other authenticatoin mechanisms such as
>
> * USB dongle authentication
> * Finger print authentication
> * Smart card authentication
> * Bluetooth authentication by proximity of mobile phone
> * Other that can be implemented...
>
> libpam-gnome-keyring should respect other mechanisms and unlock database if previous module succeded.
You seem to be completely unaware of how gnome-keyring works. To unlock
the keyring, which is stored encrypted on disk, you need a master
password; this password is your login password. Being able to unlock the
keyring without a password would mean it wouldn’t be encrypted, which
would be completely idiotic.
For some of the authentication schemes, like USB dongles, it would be
possible to unlock the keyring, but given how PAM works, you’d have to
implement it in pam_gnome_keyring as well. For them, patches are welcome
of course. For others, like fingerprints or bluetooth, it would be
stupid so it won’t be implemented.
Cheers,
--
.''`. Josselin Mouette
: :' :
`. `' “I recommend you to learn English in hope that you in
`- future understand things” -- Jörg Schilling
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20090607/f7552d5d/attachment.pgp>
More information about the pkg-gnome-maintainers
mailing list