[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Automating pam_keyring...



On 17/07/07, Todd Zullinger <tmz pobox com> wrote:
Yes, there's a benefit to keeping the passphrases separate.  This
also affect pam_keyring.  Anything that intends to unlock a keyring
with one passphrase pretty much requires that the passphrases match.


You were arguing for the login password/phrase matching the ssh
password/phrase - that seems like a bad idea and really unecessary.

Surely, what you mean is that it's required for the login
password/phrase to be the same password/phrase as for whatever
application stores the various passphrases for ssh/gpg etc.

There is always a tradeoff between security and convenience.  Are you
suggesting that there not be a way for users to enable their login to
unlock their various keyrings?

Nope. But that in no way requires login password/phrase == ssh key
password/phrase.

J.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]