password safes for mac

Victor Duchovni Victor.Duchovni at morganstanley.com
Wed Jul 1 12:49:14 EDT 2009


On Wed, Jul 01, 2009 at 11:03:13AM -0400, Adam Shostack wrote:

> On Tue, Jun 30, 2009 at 11:26:06AM -0500, Nicolas Williams wrote:
> | On Mon, Jun 29, 2009 at 11:29:48PM -0700, Jacob Appelbaum wrote:
> | > This would be great if LoginWindow.app didn't store your unencrypted
> | > login and password in memory for your entire session (including screen
> | > lock, suspend to ram and hibernate).
> | > 
> | > I keep hearing that Apple will close my bug about this and they keep
> | > delaying. I guess they use the credentials in memory for some things
> | > where they don't want to bother the user (!) but they still want to be
> | > able to elevate privileges.
> | 
> | Suppose a user's Kerberos credentials are about to expire.  What to do?
> 
> What fraction of mac users are using Kerberos?  

Spefically, Kerberos to *login* to the system. I use Kerberos on the
Mac all the time, but never to login, have not figured out how to
make it not get in the way of using the laptop when the KDC is not
reachable.

Also, I roam between two Realms, office and non-office (used for IMAP and
SMTP submission) and neither makes sense as the primary platform login.

If I had a stationary desktop Mac at the office, that *would* use Kerberos
for login. Still would be in a tiny minority though...

-- 
	Viktor.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list