[1393] in athena10
Re: Disabling GNOME keyring prompt on SSH
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sun Mar 8 12:26:19 2009
From: Greg Hudson <ghudson@MIT.EDU>
To: Geoffrey Thomas <geofft@mit.edu>
Cc: debathena@mit.edu
In-Reply-To: <alpine.DEB.2.00.0903080824390.6057@geminorum.mit.edu>
Content-Type: text/plain
Date: Sun, 08 Mar 2009 12:25:15 -0400
Message-Id: <1236529515.31266.3.camel@ray>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
On Sun, 2009-03-08 at 08:32 -0400, Geoffrey Thomas wrote:
> Another option would be to figure out how to default gnome-keyring to not
> encrypt the keyring, which is probably acceptable given AFS permissions.
A concern here is that the keyring contents might be captured while in
flight over the network via AFS. AFS traffic is usually encrypted, but
I believe it's just DES encryption.
> I think a third option is to make debathena-ssh-client-config cause
> ssh_config to prefer Kerberos auth before public/private key auth.
This would be ideal, except that I don't think there's an ssh_config
option to set the auth mechanism preference order. Maybe I'm just
missing it, though.