On 2015-12-16 06:21:01, Ilkka Virta wrote:
> A problem with doing that, is that anything that runs with the user's
> permissions could trivially read the secret key from the user's home
> directory. With SSH keys it's not a problem, since they are _public_
> keys. Plus, a user could do something stupid, like resetting the OTP
> counter on every login, so they wouldn't need to use a pesky changing
> password, but instead use the same one always...
>
> I think some unix-like systems have per-user password files under /etc,
> so that they don't need setuid-root helpers to access them, but there
> still is some program to sanity check the password the user tries to
> set. (a setgid helper plus some trickery with file and directory
> permissions.) Doing something like that would simplify the backend, but
> of course you'd still need a helper application to access the files.

Right, you are right of course. I do think it's critical to keep that
file from being readable from random apps. The format *is* also a little
brittle so it seems important to have standardized access as well...

Maybe having a system similar to shadow passwords would be necessary
here: there could be a secret file that can only be read by root (or
with the right caps) and would need a special tool (oath.passwd?) to
reset.

So harder than I thought...

a.
--
If the image gives the illusion of knowing,
It is because the adage claims that, to believe,
The only thing that matters would be to see
- Lofofora
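
An added example, not part of the original message or of any project's code: a Python check for the shadow-style model discussed in this thread, where the OTP secret file is readable only by one privileged owner. The file name, the function name `audit_secret_file` and the `expected_uid` parameter are assumptions made for illustration; the sample file content is constructed.

```python
import os
import stat
import tempfile


def audit_secret_file(path, expected_uid=0):
    """Return a list of findings; an empty list means the file follows
    the shadow-style model (single privileged owner, no group/other access)."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted by a user
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink; refusing to follow"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]

    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"group/other access bits set (mode {mode:04o})")

    # A writable parent lets another account rename or replace the file,
    # which would allow resetting the counter without reading the secret.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    writable = parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if writable and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is group/world-writable without sticky bit")
    return findings


def demo():
    """Audit a constructed file twice: once world-readable, once owner-only.
    The current uid stands in for root so the demo runs unprivileged."""
    with tempfile.TemporaryDirectory() as d:  # created with mode 0700
        path = os.path.join(d, "oath-secrets")  # hypothetical file name
        with open(path, "w") as f:
            f.write("constructed sample, not a real secret\n")
        os.chmod(path, 0o644)
        loose = audit_secret_file(path, expected_uid=os.getuid())
        os.chmod(path, 0o600)
        tight = audit_secret_file(path, expected_uid=os.getuid())
        return loose, tight


if __name__ == "__main__":
    for label, result in zip(("0644", "0600"), demo()):
        print(label, result or "ok")
```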