
ubuntu-phone team mailing list archive

Re: [Development] Solution for a password/secret storage

 

On 19/03/13 07:22, Alberto Mardegan wrote:
>> Should that be integrated with the PAM architecture so that different
>> keyrings (or collections as called in the freedesktop API) can require
>> different authentication methods?
> Our service could be a PAM provider, but I don't think it can use PAM as
> a client: AFAIK, the PAM API only allows you to know if the user has
> authenticated, but it doesn't let you retrieve the password/token used
> to authenticate (and which we could use as key for the encrypted storage).

OK so how does GNOME Keyring do it? My understanding is that with GNOME
Keyring, the default keyring is the "login" keyring that is unlocked
when users enter their login credentials, which is why you don't have to
unlock it again during a session. Presumably it means that the "login"
keyring is protected by the user's password?

Which also brings the question: with the freedesktop API, how do you
change the password for a given collection? Do you have to re-encrypt
all the data in that collection using the new password?

Bruno


