ubuntu-devel Digest, Vol 58, Issue 22

Mark Syms mark at marksyms.me.uk
Sat Jun 20 18:44:17 BST 2009

Hash: SHA1

> Subject:
> Re: One Hundred Paper Cuts -- the first ten
> From:
> Dmitrijs Ledkovs <dmitrij.ledkov at gmail.com>
> Date:
> Sat, 20 Jun 2009 02:10:31 +0100
> To:
> ubuntu-devel at lists.ubuntu.com

> Someone who uses auto-login generally don't want to type a password
> ;-) Someone later referenced Mac Os X behaiviour and IMHO they have
> following design choise:
> 1) Store everything in the encrypted keyring(s)
> 2) There are multiple keyrings but generally the usual one (including
> network passwords) is your default keyring which is unlocked with
> login password (or part of the login process)
> 3) Then if you do auto-login it does ask you for the network password
> but it gives you a checkbox (actually a padlock) which you can check
> which is equivalent to allow this application access this password
> without unlocking the rest of the keychain. (real life equivalent
> leave the padlock on your shed unlocked because it's nothing but
> broken shovels)

So could something like the following be done. Default to use the
standard keyring secured by the login password. If the keyring is not
unlocked when NetworkManager wants to access it (possibly because of
auto-login or other), give the option to always allow this and at that
point create a special keyring and copy the access information over to
the other keyring. Of course this does then make it look less like a
papercut and more a piece of architectural engineering.

Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the ubuntu-devel mailing list