gnome-keyring Obtaining a TGT without unrestricted access to password.

[Russ Allbery]

Simo Sorce <simo at redhat.com> writes:

> Purpose that is defeated if someone stores the password in clear text,
> in a way that the user can query it, or not in kernel protected memory
> ... like gnome-keyring does ...

Indeed.  Which is why in the long run we're looking at other preauth
mechanisms to require things like multifactor authentication, which will
continue to work well with the desired behavior if one uses renewable
tickets, but which will completely break (intentionally) what's otherwise
being discussed here....

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>