CSAIL's storage is pretty much all AFS, which requires shared-key login. I always forget the key, and I much prefer public-key for scalability etc.
With pubkinit, I can use my gpg key to encrypt the AFS/kerberos password and store it; then when I want to login, I use the gpg key to decrypt the shared key. This works nicely with the gnome gpg-agent UI.

See the authorization category in breadcrumbs
http://dig.csail.mit.edu/breadcrumbs/taxonomy/term/4
esp

  A step forward with python and sshagent, and a walk around gnome security tools
  Submitted by connolly on Wed, 2006-03-29
  http://dig.csail.mit.edu/breadcrumbs/node/123

$ hg log --limit 10 --template '#rev#:#node|short# #date|shortdate# #desc|firstline|strip#\n'
2:f75ea9ff44bb 2007-01-05 cite kinit source
1:7a247b24273f 2007-01-05 login using dbus/pgp works
0:220d687c5d8b 2006-10-30 credstore.py 1.1 from http://dev.w3.org/cvsweb/2001/palmagent/

-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
D3C2 887B 0F92 6005 C541 0875 0F91 96DE 6E52 C29E
pubkinit.hg
Description: Binary data
"""
Kerberos login integrated with PGP and dbus/gnome

http://packages.debian.org/unstable/net/krb5-user
Filename: pool/main/k/krb5/krb5-user_1.4.4-5_i386.deb
Size: 123234
MD5sum: 1f122e23e7be85e58d870b1bf2c576ff
SHA1: cad33366b4d3555d6ba1e76464431cc2b0ef09a1
"""

import os, sys

import credstore

def main(argv):
    # I'm not sure how to trap "command not found" here.
    kin = os.popen("kinit", "w")
    kin.write(credstore.decrypt() + "\n")
    status = kin.close()
    if status not in (0, None):
        print >>sys.stderr, "kinit returned: ", status


def _test():
    import doctest
    doctest.testmod()

if __name__ == '__main__':
    import sys
    if '--test' in sys.argv:
        _test()
    else:
        import sys
        main(sys.argv)

"""credstore -- store credentials, encrypted with pgp

Seahorse has a dbus API
http://live.gnome.org/Seahorse/DBus

For calling dbus methods from python, see
http://dbus.freedesktop.org/doc/dbus-tutorial.html#python-invoking-methods

TODO: support OS X keychain

See also:

  A step forward with python and sshagent, and a walk around gnome security tools
  Submitted by connolly on Wed, 2006-03-29
  http://dig.csail.mit.edu/breadcrumbs/node/123

and dev notes starting
http://chatlogs.planetrdf.com/swig/2006-10-28.html#T06-07-21
thru 2006/10/30 23:07:36
"""

__version__ = "$Id: credstore.py,v 1.1 2006/10/30 23:07:36 connolly Exp $"

import dbus

# filename of the encrypted credential store
SAFE="safe"

MYKEY="6E52C29E" #@@TODO: command-line arg

def main(argv):
    if '--encrypt' in argv:
        cred = argv[2]
        crypt = encrypt(cred, MYKEY)
        file(SAFE, "w").write(crypt)
    else:
        cred = decrypt()
        print cred


def encrypt(cred, keyid):
    bus = dbus.SessionBus()
    keycache = dbus.Interface(bus.get_object('org.gnome.seahorse',
                                             '/org/gnome/seahorse/keys/openpgp'),
                              'org.gnome.seahorse.Keys')
    conkeys = keycache.MatchKeys([keyid], 0)
    mykey = conkeys[0][0]

    c = dbus.Interface(bus.get_object('org.gnome.seahorse',
                                      '/org/gnome/seahorse/crypto'),
                       'org.gnome.seahorse.CryptoService')
    return c.EncryptText([mykey], mykey, 0, cred)


def decrypt():
    crypttext = file(SAFE).read()
    bus = dbus.SessionBus()
    c = dbus.Interface(bus.get_object('org.gnome.seahorse',
                                      '/org/gnome/seahorse/crypto'),
                       'org.gnome.seahorse.CryptoService')
    cleartext, signer = c.DecryptText("openpgp", 0, crypttext)
    return cleartext


def _test():
    import doctest
    doctest.testmod()

if __name__ == '__main__':
    import sys
    if '--test' in sys.argv:
        _test()
    else:
        import sys
        main(sys.argv)


# $Log: credstore.py,v $
# Revision 1.1  2006/10/30 23:07:36  connolly
# works in one case: t-mobile/danger account
#
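
The same store-then-kinit flow, as an added Python 3 example that is not part of the original message or its attachments: the password is prompted for rather than passed in argv (where credstore.py's --encrypt takes it), the store is created with mode 0600, and the cleartext goes only to kinit's stdin. It assumes gpg and kinit are on PATH and calls the gpg command line instead of the Seahorse dbus service; run_filter, save_private, store and login are hypothetical names.

```python
import getpass
import os
import subprocess
import sys

SAFE = "safe"  # same store filename as credstore.py


def run_filter(argv, data):
    """Run argv with data on stdin and return its stdout; the secret never appears in argv."""
    proc = subprocess.run(argv, input=data, stdout=subprocess.PIPE, check=True)
    return proc.stdout


def encrypt_cmd(keyid):
    # gpg reads the cleartext on stdin and writes armored ciphertext to stdout.
    return ["gpg", "--batch", "--armor", "--encrypt", "--recipient", keyid]


DECRYPT_CMD = ("gpg", "--quiet", "--decrypt")  # passphrase prompt is left to gpg-agent


def save_private(path, blob):
    """Create the store with mode 0600 from the start, then replace any old copy atomically."""
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(blob)
    os.replace(tmp, path)


def store(keyid, secret, path=SAFE, cmd=None):
    save_private(path, run_filter(cmd or encrypt_cmd(keyid), secret))


def login(path=SAFE, decrypt=DECRYPT_CMD, kinit=("kinit",)):
    with open(path, "rb") as f:
        secret = run_filter(list(decrypt), f.read())
    # Hand the password to kinit on stdin, as pubkinit does, without printing it.
    subprocess.run(list(kinit), input=secret.rstrip(b"\n") + b"\n", check=True)


if __name__ == "__main__":
    if sys.argv[1:2] == ["--encrypt"]:
        # usage: --encrypt KEYID; the password is prompted for, not read from argv
        store(sys.argv[2], getpass.getpass("Kerberos password: ").encode())
    else:
        login()
```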
