Bug#532088: libpam-gnome-keyring: Dont be selfish unlock gnome-keyring for other auth methods.

Josselin Mouette joss at debian.org
Mon Jun 8 08:46:55 UTC 2009


Le dimanche 07 juin 2009 à 12:24 +0200, Mateusz Kaduk a écrit :
> First of all, you cutted out my first question. I think that typing
> password over and over each time is not what people using finger
> reader really want.

A fingerprint reader is an authentication device; it is not an
encryption key.

> 2009/6/7 Josselin Mouette <joss at debian.org>:
> > Where in the world would you store that key?
> 
> Maybe /etc/security like cracklib does for storing used passwords or
> directly in /etc/ like pam-opie module does for storing temporary
> passwords /etc/opiekeys

Storing the key in clear text would *entirely* defeat the point of
gnome-keyring.

> > WTF?
> Using password is just ignoring existence of other kinds of
> authentication methods that are present or can be implemented in
> future.

Sure. But gnome-keyring is not about authentication, it is about
encryption.

> > Making gnome-keyring work with some other authentication modules is not
> > stupid. Making it work with all of them is.
> 
> I did not write its stupid, I wrote its not stupid to suggest other
> solutions that fix problem.
> Yes it should be possible to use gnome-keyring with all pam modules by
> just making it aware of that there might be something else then
> password that can be used for login to system.

If that something else cannot be used as an encryption key, it is simply
not possible. This is especially true of fingerprint readers.

-- 
 .''`.      Josselin Mouette
: :' :
`. `'   “I recommend you to learn English in hope that you in
  `-     future understand things”  -- Jörg Schilling
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20090608/de6f7a0d/attachment.pgp>


More information about the pkg-gnome-maintainers mailing list