On Thursday 10 October 2013 at 14:26 +0300, p10 wrote:
> Thanks for the explanation, so the problem is not trivial. But it
> still stands - people are setting empty passwords to avoid entering a
> password every time + the auto-login option becomes practically obsolete
> when using the keyring. So where do I further the discussion on that - a
> bug, a blueprint?
What are you asking for exactly? To encrypt your keyring using a
password you do not need to type at all? ;-)

If you want to secure your keyring, you'll have to type, at some point,
secret information that is not stored on the system. If you don't need
to do that, anybody could access your keyring. So that's really not an
implementation issue, that's a logical one.


Regards


> Petko
> 
> On Thu, 2013-10-10 at 11:33 +0100, Simon McVittie wrote:
> > On 10/10/13 11:13, p10 wrote:
> > > autologin doesn't unlock the keyring. I think I
> > > understand more or less why that's happening
> > 
> > The reason is: libpam-gnome-keyring needs your password to decrypt the
> > keyring. Without your password, it just doesn't have enough information.
> > 
> > > Now my first question is - how does GDM store the password to autologin
> > > a specific user
> > 
> > It doesn't. GDM (or at least, enough of GDM) is a privileged process
> > running as root with full capabilities, and can do whatever it has been
> > configured to do, including changing its uid to you without asking for a
> > password first.
> > 
> > Login processes *usually* prompt for, and check, an "ordinary password"
> > first - but that's not required. They can equally well use a
> > one-time-password scheme like OATH[1], query a fingerprint reader[2], or
> > just say "yes" regardless[3]. When GDM has been configured to
> > auto-login, its policy for that user's login is "just say yes".
> > 
> > > when AFAIK the kernel handles user login services
> > 
> > The kernel doesn't handle user login services (at least, not on typical
> > Unix OSs like Linux and *BSD). The kernel allows processes with
> > appropriate capabilities[4] to become another user. That's all gdm has
> > to do.
> > 
> >     S
> > 
> > [1] more secure than ordinary passwords
> > [2] not actually very secure
> > [3] not at all secure
> > [4] approximately "running as root", although on a modern system,
> >     Linux capabilities (POSIX.1e draft capabilities) are also involved
> > 
> > _______________________________________________
> > desktop-devel-list mailing list
> > desktop-devel-list@gnome.org
> > https://mail.gnome.org/mailman/listinfo/desktop-devel-list
> 
> 

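The point made in the reply above, as an added Python sketch (not part of the thread, and not gnome-keyring's code or file format): the keyring key is derived from the typed password, so a login that never sees a password has nothing to derive it from, and an empty password opens the keyring for anyone. PBKDF2, the HMAC keystream used as a stand-in cipher, and all function names here are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed work factor, not gnome-keyring's real parameter


def _keys(password, salt):
    """Derive an encryption key and a MAC key from the typed password."""
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return k[:32], k[32:]


def _xor_stream(key, data):
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def lock(password, secrets):
    """Create the on-disk keyring: only salt, ciphertext and tag are stored."""
    salt = os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    ct = _xor_stream(enc_key, secrets)
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def unlock(keyring, password):
    """Return the secrets, or None when no password or a wrong one is supplied."""
    if password is None:  # auto-login: the login manager never saw a password
        return None
    enc_key, mac_key = _keys(password, keyring["salt"])
    expected = hmac.new(mac_key, keyring["salt"] + keyring["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, keyring["tag"]):
        return None
    return _xor_stream(enc_key, keyring["ct"])


if __name__ == "__main__":
    secret = b"wifi-psk=constructed-sample"  # constructed sample secret
    kr = lock("correct horse", secret)
    print("password login:", unlock(kr, "correct horse"))
    print("auto-login    :", unlock(kr, None))
    print("empty password:", unlock(lock("", secret), ""))
```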