On Fri, Jun 27, 2008 at 10:16:35AM -0400, Behdad Esfahbod wrote:
> How about that simply write a dotfile in user's home dir. Mango then
> reads that file, confirms that it's only readable by user. Checks that
> its modification time is recent, and accepts the contents as password.

Hm.. maybe directory like /tmp. Not readable except for Mango group and
the userid writing to it. (+s IIRC). That would actually pretty much
work.. except it would make testing Mango locally harder ;)

> This is weaker than your approach as anyone compromising any GNOME
> machines will get access to everyone's Mango account. However, both
> approaches suffer from the fact that a compromised SSH key gives access
> to user's Mango.

Yeah, but compromised SSH key is acceptable that the Mango is
compromised as well.

> Combine that with the fact that one of two major Mango requests is
> changing a lost key (the other being changing email address), I'm not
> sure using SSH keys for authentication is a good idea.

ATM yes, as Mango doesn't really do anything. But I plan to make it way
more important for maintainers.

> > At the same time, I don't know how to handle suid
> > stuff combined with Python... is that trustable? Can I 100% rely on
> > finding out the original userid? Plus I'd need to store it in the
> > database in a way that if the database is compromised, that they cannot
> > abuse it to get Mango privs... probably hashing some secret token I
> > guess.
> >
> > I've tried the paramiko method, and it seems to work (not in Mango..
> > just hacked up test locally). I'll do something like that for now... it
> > is pretty easy to replace the login method in Mango.
>
> How about (optional) OpenID?

There is no OpenID stored in Mango, so that is a no as primary method.
And IIRC OpenID stuff usually just has password as authentication (too
weak).

--
Regards,
Olav
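
The dotfile check proposed in the quoted text above (file readable only by the user, recent modification time), as an added Python example; it is not code from Mango or from either poster, and it goes slightly further by also refusing symlinks and hard-linked files. The function name, the 300-second window and the 256-byte limit are assumptions.

```python
import os
import stat
import time

class TokenFileError(Exception):
    """The dotfile failed one of the checks; treat it as a failed login."""

MAX_TOKEN_BYTES = 256  # assumed upper bound on the token length

def read_token_file(path, expected_uid, max_age=300, now=None):
    """Return the token in `path` if the file is a regular file owned by
    expected_uid, inaccessible to group/other, and modified within max_age
    seconds. Raise TokenFileError otherwise."""
    now = time.time() if now is None else now
    try:
        # O_NOFOLLOW: refuse a symlink planted at the final path component.
        # O_NONBLOCK: do not hang if the path turns out to be a FIFO.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        raise TokenFileError(f"cannot open {path}: {exc.strerror}") from exc
    try:
        # fstat the descriptor we read from, so the checks and the read
        # refer to the same inode (no stat-then-open race).
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise TokenFileError("not a regular file")
        if st.st_uid != expected_uid:
            raise TokenFileError("file is not owned by the claimed user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise TokenFileError("file is accessible to group or other")
        if st.st_nlink != 1:
            raise TokenFileError("file has extra hard links")
        age = now - st.st_mtime
        if age < 0 or age > max_age:  # future timestamps are rejected too
            raise TokenFileError("modification time is not recent")
        token = os.read(fd, MAX_TOKEN_BYTES + 1)
    finally:
        os.close(fd)
    if not token.strip() or len(token) > MAX_TOKEN_BYTES:
        raise TokenFileError("token is empty or too long")
    return token.strip().decode("utf-8", "replace")
```

The ownership check is what ties the token to a userid, so the caller has to obtain `expected_uid` from the account being logged in, not from anything the client supplies.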
