I was in the process of replying to Karl's email and why I do not
think his approach is the way to go when I had the following idea.

What if we add a new password storage module in the spirit of the
gnome-keyring, gpg modules that stores the password in some kind of
obfuscated format in the auth folder?

This module could be built by default on *nix but also support a
configure option to disable building it. Also if the library itself is
just not present at runtime then it would also not be available.

It would become a new password-stores option in the config file so we
already have a mechanism for enabling or disabling it via that file as
well.

For purposes of all of the other warnings we still support this would
NOT be considered a plain text password.

How we obfuscate would be up to whoever writes the code. I think
Base64 would be fine but we could also use something like AES where we
use the realm-string or some other value we know as the key. This
would not be truly secure but it does help protect against trivial
observation and discovery.

This would make password storage available by default on Linux, but
still give Distro maintainers and anyone else maintaining a system
options to completely disable it if that is their desire.

I will also still reply to Karl's email.

Thanks

Mark
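The storage module sketched in the message above, as an added example (not code from the email or from the project it discusses): it implements both obfuscation modes mentioned, plain Base64 and a realm-keyed one, and `recover_from_file` shows the caveat the author already names, that whoever can read the auth file holds both the blob and the realm string that keys it. The entry layout, function names and the `passtype` field are assumptions; the realm-keyed mode uses a SHA-256 keystream as a stand-in for the AES variant, since the key material is the same either way.

```python
"""Sketch of an obfuscating password store keyed by the realm string.

Assumptions (not from the email): entries live in a dict keyed by realm
string; "base64" and "realm-keyed" are the two modes; the realm-keyed
mode XORs the password with a SHA-256 keystream derived from the realm.
"""
import base64
import hashlib


def _keystream(realm: str, length: int) -> bytes:
    # Derive as many bytes as needed from the realm string. The realm is
    # stored in clear next to the entry, so this key is never secret.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(realm.encode() + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _apply_mode(raw: bytes, realm: str, mode: str) -> bytes:
    # XOR is its own inverse, so the same step obfuscates and recovers.
    if mode == "realm-keyed":
        return bytes(a ^ b for a, b in zip(raw, _keystream(realm, len(raw))))
    if mode == "base64":
        return raw
    raise ValueError(f"unknown password store mode {mode!r}")


def obfuscate(password: str, realm: str, mode: str = "base64") -> str:
    raw = _apply_mode(password.encode("utf-8"), realm, mode)
    return base64.b64encode(raw).decode("ascii")


def deobfuscate(blob: str, realm: str, mode: str = "base64") -> str:
    raw = _apply_mode(base64.b64decode(blob), realm, mode)
    return raw.decode("utf-8")


def store_entry(auth_cache: dict, realm: str, username: str,
                password: str, mode: str = "base64") -> None:
    # The mode is recorded with the entry so the client can read it back.
    auth_cache[realm] = {"username": username, "passtype": mode,
                         "password": obfuscate(password, realm, mode)}


def recover_from_file(auth_cache: dict, realm: str) -> str:
    # Everything needed to reverse the obfuscation is in the entry itself,
    # which is the "not truly secure" property the proposal acknowledges.
    entry = auth_cache[realm]
    return deobfuscate(entry["password"], realm, entry["passtype"])
```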
