ubuntu-phone team mailing list archive

Thread
Date

Re: [Development] Solution for a password/secret storage

To: ubuntu-phone@xxxxxxxxxxxxxxxxxxx
From: Bruno Girin <brunogirin@xxxxxxxxx>
Date: Tue, 19 Mar 2013 09:54:00 +0000
In-reply-to: <51481251.7090408@canonical.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130308 Thunderbird/17.0.4

On 19/03/13 07:22, Alberto Mardegan wrote:
>> Should that be integrated with the PAM architecture so that different
>> keyrings (or collections as called in the freedesktop API) can require
>> different authentication methods?
> Our service could be a PAM provider, but I don't think it can use PAM as
> a client: AFAIK, the PAM API only allows you to know if the user has
> authenticated, but it doesn't let you retrieve the password/token used
> to authenticate (and which we could use as key for the encrypted storage).

OK so how does GNOME Keyring do it? My understanding is that with GNOME
Keyring, the default keyring is the "login" keyring that is unlocked
when users enter their login credentials, which is why you don't have to
unlock it again during a session. Presumably it means that the "login"
keyring is protected by the user's password?

Which also brings the question: with the freedesktop API, how do you
change the password for a given collection? Do you have to re-encrypt
all the data in that collection using the new password?

Bruno

Follow ups

Re: [Development] Solution for a password/secret storage
From: Alberto Mardegan, 2013-03-19

References

[Development] Solution for a password/secret storage
From: Alberto Mardegan, 2013-03-18
Re: [Development] Solution for a password/secret storage
From: Bruno Girin, 2013-03-18
Re: [Development] Solution for a password/secret storage
From: Alberto Mardegan, 2013-03-19