[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gcmd-dev] [NEW] Use of GNOME authentication manager for user's secu
From: |
Michael |
Subject: |
Re: [gcmd-dev] [NEW] Use of GNOME authentication manager for user's security credentials |
Date: |
Thu, 25 Oct 2007 00:05:51 +0200 |
User-agent: |
claws-mail.org |
> The rev #1200 changes that. There has been added direct dependency on
> gnome keyring (aka gnome auth. manager/daemon) what makes gcmd unusable
> in non-gnome environments. This is BAD.
ACK (although the ida was from me) i always was opting for independnence
> I think Magnus' objections against that sound very reasonable here.
It's easy to support his objections. eg, passwords in several places mean they
are more hard to detect, to steal. Where *one* secutiry hole in gkd could screw
it all up.
It depends on how importan your logins are. If they are really very important,
then i'd store them never on disk anyway.
> IMHO the right solution for that should be:
> 1. using the GNOME authentication manager for login/password
> handling (this should be default option)
> 2. there should be an option (per connection) not to use auth
> daemon - in this case password will be stored in text file in
> the old way
that's a good apporach !
It's always good to leave users a choice.
> 3. all ftp connections will be imported as 'not auth'ed by gnome
> keyring' - so nothing will disappear any more
I'm not sure what this means. A warning included into the option GUI checkbox ?
Woulds be sufficient IMHO.
I'm not fully convinced about gkd. It's not been developed since 2005 if IIRC.
Maybe it's been dropped ? I would be pleased if there's any standard about
keyrings.
I'll try to find out how gkd stores passwords if i got spare time ;)
Re: [gcmd-dev] [NEW] Use of GNOME authentication manager for user's security credentials, Stef Walter, 2007/10/26
Re: [gcmd-dev] [NEW] Use of GNOME authentication manager for user's security credentials, Petr Tomasek, 2007/10/23
Re: [gcmd-dev] [NEW] Use of GNOME authentication manager for user's security credentials, Magnus Stålnacke, 2007/10/27