As Gary indicated, we've really hijacked the "What other PAM modules should we include in core" thread. Since this is really a different discussion, let's make more of an effort to change the subject line when talking about this.
Darren:

Darren J Moffat wrote:
>> On Thu, 2008-03-06 at 17:09 -0600, Brian Cameron wrote:
>>> However, it is unclear
>>> to me whether Trusted Path applies to non-Trusted environments
>
> We should have though. We shouldn't be encouraging users to enter or
> change any credentials for initial login or screen lock or password
> change through anything but a trusted path.

It seems we have sorted the fact that Trusted Path does apply to non-Trusted environments, and that we need to do some work to support this in our lock screen programs.

Now I wonder if Trusted Path should also apply to other programs that ask for passwords, such as evolution, thunderbird, GAIM, etc. These aren't your login password, but they are obviously passwords that can give access to the user's sensitive data.

> Once we have things like fast user switching this becomes even more an
> issue since you need to trust the thing you are entering your creds into
> isn't running as the user you are switching away from.

Right. We currently don't support fast-user-switching (or VT) on Solaris. There's no need to integrate this module into Solaris if we are uncomfortable with the security implications. It might be better to just always make the user return to the login screen (or a locked previous session) when they switch VTs.

Brian