[16913] in Kerberos_V5_Development
Re: Obtaining a TGT without unrestricted access to password.
daemon@ATHENA.MIT.EDU (Stef Walter)
Fri Jun 17 13:03:00 2011
Message-ID: <4DF9B60E.1010603@collabora.co.uk>
Date: Thu, 16 Jun 2011 08:51:42 +0100
From: Stef Walter <stefw@collabora.co.uk>
To: Guido Günther <agx@sigxcpu.org>
In-Reply-To: <20110616064451.GA20569@bogon.sigxcpu.org>
Cc: Russ Allbery <rra@stanford.edu>, David Woodhouse <dwmw2@infradead.org>,
gnome-keyring-list@gnome.org, krbdev@mit.edu
On 06/16/2011 07:44 AM, Guido Günther wrote:
> I'm not sure if this is what David wants to achieve but if so couldn't
> we just move the auth part of krb5-auth-dialog into gkr keeping the
> notification parts and plugins of krb5-auth-dialog separate? We could
> then use krb5_get_init_creds_password with our own prompter and use the
> password if available.
Pretty much because I'd like to try (if at all possible) to keep
gnome-keyring as a password/secret/key-storage-daemon. Rather than a
contact-remote-hosts-and-get-involved-in-protocols daemon.

At this point it's unclear if we can factor out the password
hashing/challenge-response stuff from kerberos and just put those
algorithms in the daemon. But it's worth trying to make it work. Hence
David's email.
Cheers,
Stef