[Cryptography] Does anyone here know PAM?

Jim Gettys jg at freedesktop.org
Thu Apr 6 15:40:12 EDT 2017


On Thu, Apr 6, 2017 at 7:43 AM, Phillip Hallam-Baker <phill at hallambaker.com>
wrote:

>
>
> On Tue, Apr 4, 2017 at 1:01 PM, RB <aoz.syn at gmail.com> wrote:
>
>> On Tue, Apr 4, 2017 at 8:04 AM, Phillip Hallam-Baker
>> <phill at hallambaker.com> wrote:
>> > The architecture I am thinking of would be:
>> >
>> > 1) User logs in with password.
>> >
>> > 2) Password is passed to the unlock keys mechanism which uses it to
>> unlock a
>> > master key.
>> >
>> > 3) Processes running under the master key account can request unlocking
>> of
>> > profile data stored under it.
>>
>> Perhaps I'm missing some subtle part of the point, but is this not
>> already done under the gnome-keyring project?  At least from this
>> user's perspective, gnome-keyring (and the seahorse UI) achieve the
>> same functionality as the OS X keyring.
>>
>
> ​Well until yesterday, Ubuntu wasn't using Gnome. Now they are abandoning
> Unity and moving to Gnome and so the desktop is more or less going to be
> unified again.
>

​Unity used much/most of gnome, and could/did run seahorse.  What I haven't
done is used it with Yubikeys; that is the final step so that private keys
aren't available to be stolen.

And I'm happy Unity is history...
                               - Jim
​

>
> Thanks all, this should be enough for demo purposes.​
>
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170406/55f05357/attachment.html>


More information about the cryptography mailing list