On Mon, 2011-01-17 at 21:28 -0500, Adam Tauno Williams wrote: > On Mon, 2011-01-17 at 14:08 -0600, Albert Wagner wrote: > > On 01/17/2011 11:32 AM, Adam Tauno Williams wrote: > > > On Mon, 2011-01-17 at 11:01 -0600, Albert Wagner wrote: > > >>> And I don't think you need to be particularly "experienced" with them to > > >>> let a program use keyrings - it's just an encrypted store of passwords. > > >> My login password allows anyone with access to it, including evolution > > >> developers, to perform actions requiring root permissions. > > > Er, what?? How do evolution developers have access to your password via > > > use of the keyring? They don't, can't, and I suspect you don't > > > understand are keyrings work. > > Absolutely right. But I understand popups. > > A popup message claims that evolution cannot access the keyring without > > the password used for logging in. I automatically log in without > > entering my password. > > By default it creates a keyring using your login password [via > integration with GDM? I don't remember].
Sort of. It does it via PAM - i.e. when you login GDM authenticates through PAM, that process also authenticates gnome-keyring and so unlocks your passwords & keys. It is neither required nor a default action to do this: when gnome-keyring is setup it asks you what password you want to use and whether you want to automatically unlock the keyring when you login. > > > > Even if they did have your username and password, which they don't, how > > > would that allow "root" permissions? Unless you are logging in as root, > > > which you shouldn't. > > Not logged in as root. But occasionally I use su and sudo. Are those > > not available on your distribution? /bin/su always asks for the root password - sudo was only supposed to be used to give users access to a specific small subset of commands they may need to run as root - not be used to give passwordless root access like in Ubuntu > > Anyway, on a Kerberos-enabled network [which I am], su/sudo are password > free - I don't get prompted for a password [one either has the privilege > to perform an operation or you don't]. kerberised systems are very different ... P. _______________________________________________ evolution-list mailing list [email protected] To change your list options or unsubscribe, visit ... http://mail.gnome.org/mailman/listinfo/evolution-list
