[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gcmd-dev] gnome-keyring in gcmd
From: |
Michael |
Subject: |
[gcmd-dev] gnome-keyring in gcmd |
Date: |
Wed, 31 Oct 2007 07:13:22 +0100 |
User-agent: |
claws-mail.org |
(sorry i cleaned up too generously and lost the original thread)
gkd= gnome keyring daemon
gkm = gk manager (GUI)
- Launched gdm and logged into full gnome session
(again, i couldn't see any difference in running daemons and processes)
- Removed any keyring with gkm
- Access local ftp server from nautilus OK -> key stored in gkd
- Access local server from gcmd OK -> key reused
Don't ask me why it worked this time. As always in debian unstable, there were
several extensive updates, also to gnome keyring and other gnome apps, since
last test suite.
Note: gcmd path wasn't stored at all in gkd, see attached screenshot #2
- Access remote server from gcmd FAILED -> crash
- Access remote server from nautilus OK key stored in gkd !
In gcmd, i deleted the old entry for the remote server and configured it new.
This time, rather by case, with full domain name as Alias.
- Access remote server from gcmd OK -> key reused
Now, gcmd path was stored in gkd, see screenshot #3
Is there a problem with gcmd asking gkd to create a new key (not only reuse
existing) ? And does it mean anything what's in the alias field ??
I'll do more testing another day.
m°
ps. I think gkd requires some extra awareness if you are not used to it:
One can store the root password in gkd (which of course isn't recommendet), for
example checking 'store into keyring' in a gksu dialog.
In gkm, you can easily view then the root password literally (see screenshot
#1).
Now, how is it protected ?
Whenever there's the first access to the keyring (e.g., you launch the gk
manager, or gksu tries to store a password) you are asked for the keyring
password. Afterwards you can access the keyring without, it's just how it
works - you would not be asked for this password repeatedly.
I wonder if someone is silly enough to store the root password into gkd, via
gksu dialog, then maybe also is silly enough to leave a machine unlocked for a
moment.
Anybody could launch gkm and lookup the root password. It's like leaving a root
login terminal open.
gkm-1.jpg
Description: JPEG image
gkm-2.jpg
Description: JPEG image
gkm-3.jpg
Description: JPEG image
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [gcmd-dev] gnome-keyring in gcmd,
Michael <=