That sounds like a way to use (sort of) certificates again. With the updated realmd 
package I can now save my Fedora account password into the GNOME keyring. But...

I thought about it yesterday, but did not dare to ask. Are not passwords a less 
strong kind of authentication than keys? We have SSH keys, we had generated 
certificates until now. Now only passwords backed by Kerberos. Sure, Kerberos 
is not a simple password system sending plaintext over the network. Anyway, is there 
a planned way to obtain the main Kerberos ticket for fedoraproject.org by something 
stronger than a password?

--
Petr Menšík

----- Original Message -----
From: "Petr Spacek" <pspa...@redhat.com>
To: devel@lists.fedoraproject.org
Sent: Wednesday, December 14, 2016 8:34:17 AM
Subject: Re: Packagers - Flag day 2016 Important changes

On 13.12.2016 22:57, Tom Hughes wrote:
> On 13/12/16 21:32, Simo Sorce wrote:
>> On Tue, 2016-12-13 at 18:52 +0000, Tom Hughes wrote:
>>
>>> The main goal of long random passwords after all is about a combination
>>> of making them hard to brute force and ensuring that every service has a
>>> unique password to guard against credential reuse attacks when one of
>>> the many services everybody has logins for experiences the inevitable
>>> loss of their poorly secured database.
>>>
>>> I always find it somewhat depressing that the more sophisticated a login
>>> system becomes the worse my security on it seems to get because I wind
>>> up having to use weaker passwords. Banks are the classic example because
>>> they rarely have a straightforward password even as one part of their
>>> authentication but anything that means I have to remember a password
>>> hits the same problem.
>>
>> Don't remember it if it bothers you, why do you use a double standard if
>> the password is not sent via browser but through a CLI ?
> 
> It's an interesting question, and the first thing I'd say is that there are
> actually very few passwords that I enter at a CLI at all. Once I've unlocked
> gnome keyring by logging into my laptop or desktop it's mostly only when I
> want to sudo as other things tend to be by ssh public key auth from my 
> keyring.
> 
> I think the threat model is very different as well, at least for me, as the
> environments where I am entering a password for sudo for example are all ones
> which I control and where I know how the password database is stored while for
> web based logins I operate on the basis that I have no idea whether any given
> site has the sense to hash its passwords or to adequately protect its user
> database.
> 
> Obviously I'm sure the FAS database is properly protected but the ways of
> working I have developed are based around not assuming that for web logins
> hence why I switched to random passwords and a password manager many years 
> ago.
> 
> Anyway, it looks like GOA with the realmd fix likely does what I want,
> which is good news.

Theoretically, if you really really want a random password and never type it,
you can retrieve a keytab for your account. The keytab file can contain e.g. a
random 256 bit AES key, so you will be as safe as you can be, assuming no attacker
can gain access to that file (which you assume already).

In Kerberized world this is usually done for machine/service accounts but
technically nothing prevents you from using the same method for your own 
account.

See man page for command ipa-getkeytab from package freeipa-client (or use
command kpasswd).

-- 
Petr Spacek  @  Red Hat
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
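The keytab route Petr Spacek describes above is simple to use (`ipa-getkeytab -p alice@EXAMPLE.COM -k ~/.alice.keytab`, then `kinit -k -t ~/.alice.keytab alice@EXAMPLE.COM`; `klist -k -t -e` shows the enctypes stored), but it is worth seeing what the file actually holds. The following is an added example, not code from the thread or from FreeIPA: it writes and parses an MIT keytab (format version 0x0502) so the 32-byte AES-256 key can be seen sitting in the clear, and it makes the thread's "no attacker can gain access to that file" assumption checkable. The principal `alice@EXAMPLE.COM` and the fixed 32-byte key are constructed sample data; a real key is random. Two caveats a practitioner should know: retrieving a fresh keytab with `ipa-getkeytab` generates a new key and therefore invalidates the existing password for that principal (the `-r` option retrieves the existing key instead), and the keytab is equivalent to the password, so it needs the same file protection as a private SSH key.

```python
"""Added example: what a Kerberos keytab contains (MIT format 0x0502).

Usual workflow around it (not executed here):
    ipa-getkeytab -p alice@EXAMPLE.COM -k ~/.alice.keytab   # generates a new random key
    chmod 600 ~/.alice.keytab
    kinit -k -t ~/.alice.keytab alice@EXAMPLE.COM
    klist -k -t -e ~/.alice.keytab
"""
import os
import stat
import struct

KEYTAB_MAGIC = b"\x05\x02"         # MIT keytab format version 0x0502 (big-endian fields)
AES256_CTS_HMAC_SHA1_96 = 18       # enctype id; 32-byte (256-bit) key
NT_PRINCIPAL = 1                   # KRB5_NT_PRINCIPAL name type


def _counted(b: bytes) -> bytes:
    """16-bit big-endian length prefix, used for realm, name components and key."""
    return struct.pack(">H", len(b)) + b


def build_keytab(principal: str, enctype: int, key: bytes, kvno: int,
                 timestamp: int = 0) -> bytes:
    """Serialize a single-entry keytab for `principal` (e.g. 'alice@EXAMPLE.COM').

    Nothing in the entry is encrypted: the key bytes are written as-is, which is
    why the file itself must be guarded like the password it replaces.
    """
    name, realm = principal.rsplit("@", 1)
    components = name.split("/")
    body = struct.pack(">H", len(components))
    body += _counted(realm.encode())
    for c in components:
        body += _counted(c.encode())
    body += struct.pack(">IIB", NT_PRINCIPAL, timestamp, kvno & 0xFF)
    body += struct.pack(">H", enctype) + _counted(key)
    body += struct.pack(">I", kvno)              # 32-bit kvno extension
    return KEYTAB_MAGIC + struct.pack(">i", len(body)) + body


def _read_counted(data: bytes, pos: int):
    (n,) = struct.unpack_from(">H", data, pos)
    return data[pos + 2:pos + 2 + n], pos + 2 + n


def parse_keytab(data: bytes) -> list:
    """Return one dict per live entry; slots with a negative size are deleted and skipped."""
    if data[:2] != KEYTAB_MAGIC:
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size < 0:                             # deleted slot of |size| bytes
            pos -= size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        pos += 2
        realm, pos = _read_counted(data, pos)
        comps = []
        for _ in range(ncomp):
            c, pos = _read_counted(data, pos)
            comps.append(c.decode())
        name_type, ts, vno8 = struct.unpack_from(">IIB", data, pos)
        pos += 9
        (enctype,) = struct.unpack_from(">H", data, pos)
        pos += 2
        key, pos = _read_counted(data, pos)
        kvno = vno8
        if end - pos >= 4:                       # newer writers append a 32-bit kvno
            (kvno,) = struct.unpack_from(">I", data, pos)
        pos = end
        entries.append({"principal": "/".join(comps) + "@" + realm.decode(),
                        "name_type": name_type, "timestamp": ts,
                        "kvno": kvno, "enctype": enctype, "key": key})
    return entries


def keytab_is_private(path: str) -> bool:
    """The thread's assumption made checkable: file owned by the caller and
    with no group/other permission bits (mode 0600 or stricter)."""
    st = os.stat(path)
    return st.st_uid == os.getuid() and (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


# Constructed sample data, NOT a real key: a fixed 32-byte value standing in
# for the random AES-256 key ipa-getkeytab would generate.
SAMPLE_KEY = bytes(range(32))
SAMPLE_KEYTAB = build_keytab("alice@EXAMPLE.COM", AES256_CTS_HMAC_SHA1_96, SAMPLE_KEY, kvno=3)

if __name__ == "__main__":
    for e in parse_keytab(SAMPLE_KEYTAB):
        print(e["principal"], "kvno", e["kvno"], "enctype", e["enctype"], "key", e["key"].hex())
```

Running the block prints the principal, kvno, enctype 18 and the full key in hex, which is exactly what anyone who can read the file gets; `keytab_is_private()` is the check to run before trusting a keytab on a shared machine.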