gcmd-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gcmd-dev] gnome-keyring in gcmd

From: Michael
Subject: [gcmd-dev] gnome-keyring in gcmd
Date: Wed, 31 Oct 2007 07:13:22 +0100
User-agent: claws-mail.org 
(sorry i cleaned up too generously and lost the original thread)

gkd= gnome keyring daemon
gkm = gk manager (GUI)

- Launched gdm and logged into full gnome session
(again, i couldn't see any difference in running daemons and processes)

- Removed any keyring with gkm
- Access local ftp server from nautilus OK -> key stored in gkd
- Access local server from gcmd OK -> key reused

Don't ask me why it worked this time. As always in debian unstable, there were 
several extensive updates, also to gnome keyring and other gnome apps, since 
last test suite.

Note: gcmd path wasn't stored at all in gkd, see attached screenshot #2

- Access remote server from gcmd FAILED -> crash
- Access remote server from nautilus OK key stored in gkd !

In gcmd, i deleted the old entry for the remote server and configured it new.
This time, rather by case, with full domain name as Alias. 

- Access remote server from gcmd OK -> key reused

Now, gcmd path was stored in gkd, see screenshot #3

Is there a problem with gcmd asking gkd to create a new key (not only reuse 
existing) ? And does it mean anything what's in the alias field ??

I'll do more testing another day. 


 m°

ps. I think gkd requires some extra awareness if you are not used to it:

One can store the root password in gkd (which of course isn't recommendet), for 
example checking 'store into keyring' in a gksu dialog.
In gkm, you can easily view then the root password literally (see screenshot 
#1). 

Now, how is it protected ?
Whenever there's the first access to the keyring (e.g., you launch the gk 
manager, or gksu tries to store a password) you are asked for the keyring 
password.  Afterwards you can access the keyring without, it's just how it 
works - you would not be asked for this password repeatedly.

I wonder if someone is silly enough to store the root password into gkd, via 
gksu dialog, then maybe also is silly enough to leave a machine unlocked for a 
moment.
Anybody could launch gkm and lookup the root password. It's like leaving a root 
login terminal open.

Attachment: gkm-1.jpg
Description: JPEG image

Attachment: gkm-2.jpg
Description: JPEG image

Attachment: gkm-3.jpg
Description: JPEG image

reply via email to
[Prev in Thread] Current Thread [Next in Thread]