Automating pam_keyring...
Jonathan Underwood
jonathan.underwood at gmail.com
Tue Jul 17 16:54:44 UTC 2007
On 17/07/07, Todd Zullinger <tmz at pobox.com> wrote:
> Yes, there's a benefit to keeping the passphrases separate. This
> also affect pam_keyring. Anything that intends to unlock a keyring
> with one passphrase pretty much requires that the passphrases match.
>
You were arguing for the login password/phrase matching the ssh
password/phrase - that seems like a bad idea and really unecessary.
Surely, what you mean is that it's required for the login
password/phrase to be the same password/phrase as for whatever
application stores the various passphrases for ssh/gpg etc.
> There is always a tradeoff between security and convenience. Are you
> suggesting that there not be a way for users to enable their login to
> unlock their various keyrings?
Nope. But that in no way requires login password/phrase == ssh key
password/phrase.
J.
More information about the fedora-devel-list
mailing list