gnome-keyring Obtaining a TGT without unrestricted access to password.
Simo Sorce
simo at redhat.com
Thu Jun 16 11:21:29 EDT 2011
On Thu, 2011-06-16 at 08:10 -0700, Russ Allbery wrote:
> For example, our ticket lifetime is 25 hours and our renewable lifetime is
> 14 days. I actually want our users to have to re-enter their password
> every 14 days, or rather, I want the person who stole their laptop to have
> full use of their account for at most 14 days after the point at which
> they stole it, even if they don't tell us about that.
Purpose that is defeated if someone stores the password in clear text,
in a way that the user can query it, or not in kernel protected
memory ... like gnome-keyring does ...
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the krbdev mailing list