[OATH-Toolkit-help] Bug#807992: Bug#807992: per user oath files

From: Antoine Beaupré
Date: Mon, 01 Aug 2016 10:22:59 -0400
On 2016-03-05 15:01:39, Antoine Beaupré wrote:
> On 2015-12-21 16:44:23, Ilkka Virta wrote:
>> On 16.12. 15:44, Antoine Beaupré wrote:
>>> On 2015-12-16 06:21:01, Ilkka Virta wrote:
>>> Right, you are right of course. I do think it's critical to keep that
>>> file from being readable from random apps. The format *is* also a little
>>> brittle so it seems important to have standardized access as well...
>>> Maybe having a system similar to shadow passwords would be necessary
>>> here: there could be a secret file that can only be read by root (or
>>> with the right caps) and would need a special tool (oath.passwd?) to
>>> reset.
>> Well being root-only and having some sort of a helper app is already 
>> needed. (Though the helper might well be the admin's text editor.)
>> As for brittleness, it shares the same thing with all other text files: 
>> they kind of have to be rewritten completely every time (can't just 
>> replace a single line). Unless you meant some other brittleness? Of 
>> course there's locking, per-user files would make that a bit simpler.
> No that is pretty much it - i was thinking of lock contention issues and
> so on.
>> This was the per-user shadow file thingy I was thinking of:
>> http://www.openwall.com/tcb/ (see the slides)
> right. pretty much what i had in mind.

Any progress here?

it's still kind of inconvenient to deploy this on multi-user systems
right now... should we write a "choath" to input the user token or split
the file?
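
The whole-file rewrite with locking that the thread describes, as an added example (not part of the original messages and not OATH Toolkit code). The line layout with the username as the second field, the `users.oath` name, the `.lock` sidecar file and the function names are assumptions.

```python
import fcntl, os, stat, tempfile

USER_FIELD = 1  # assumption: username is the 2nd whitespace-separated field

def replace_user_line(path, user, new_line):
    """Rewrite the whole file under a lock, swapping only `user`'s line."""
    lock_fd = os.open(path + ".lock", os.O_CREAT | os.O_RDWR, 0o600)
    try:
        fcntl.flock(lock_fd, fcntl.LOCK_EX)      # one writer at a time
        with open(path, encoding="utf-8") as src:
            lines = src.read().splitlines()
        found, out = False, []
        for line in lines:
            fields = line.split()
            if (not line.lstrip().startswith("#")
                    and len(fields) > USER_FIELD and fields[USER_FIELD] == user):
                out.append(new_line)
                found = True
            else:
                out.append(line)
        if not found:
            return False
        # mkstemp creates the file with mode 0600 in the same directory,
        # so the secrets are never readable by others and rename stays atomic.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".oath-")
        try:
            with os.fdopen(fd, "w", encoding="utf-8") as dst:
                dst.write("\n".join(out) + "\n")
                dst.flush()
                os.fsync(dst.fileno())
            os.replace(tmp, path)                # readers see old or new, never half
        except BaseException:
            os.unlink(tmp)
            raise
        return True
    finally:
        os.close(lock_fd)                        # closing the fd drops the lock

def demo():
    """Run against a constructed sample file; returns (found, text, mode)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "users.oath")     # hypothetical file name
        with open(path, "w", encoding="utf-8") as f:
            f.write("# constructed sample\n"
                    "HOTP/T30/6 alice - 00112233\n"
                    "HOTP/T30/6 bob - 44556677\n")
        found = replace_user_line(path, "bob", "HOTP/T30/6 bob - 8899aabb")
        with open(path, encoding="utf-8") as f:
            text = f.read()
        return found, text, stat.S_IMODE(os.stat(path).st_mode)
```

With one file per user the loop disappears and the lock only ever contends with that user's own logins, which is the simplification mentioned above.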


