[16915] in Kerberos_V5_Development
Re: Obtaining a TGT without unrestricted access to password.
daemon@ATHENA.MIT.EDU (Stef Walter)
Fri Jun 17 13:03:08 2011
Message-ID: <4DF9B6CF.6040104@collabora.co.uk>
Date: Thu, 16 Jun 2011 08:54:55 +0100
From: Stef Walter <stefw@collabora.co.uk>
To: Russ Allbery <rra@stanford.edu>
In-Reply-To: <877h8ma7jc.fsf@windlord.stanford.edu>
Cc: Guido Günther <agx@sigxcpu.org>,
David Woodhouse <dwmw2@infradead.org>, gnome-keyring-list@gnome.org,
krbdev@mit.edu
On 06/16/2011 02:28 AM, Russ Allbery wrote:
> David Woodhouse <dwmw2@infradead.org> writes:
>
>> The user's password is learned at login time and stored within the
>> gnome-keyring dæmon.
>
> Why don't you just obtain renewable tickets and renew them instead of
> storing the password in memory?
That sounds interesting. Do you have pointers to how this works? I'm not that familiar with Kerberos, so please bear with me :)
BTW, a nice future goal of gnome-keyring is to just have a set of hashes of the login password in memory, each of which could be used for various purposes, rather than storing the password in memory itself.
Among other things, this would require some file format changes for the keyring files,
Cheers,
Stef