Obtaining a TGT without unrestricted access to password.

Stef Walter stefw at collabora.co.uk
Thu Jun 16 03:54:55 EDT 2011


On 06/16/2011 02:28 AM, Russ Allbery wrote:
> David Woodhouse <dwmw2 at infradead.org> writes:
>> The user's password is learned at login time and stored within the
>> gnome-keyring dæmon.
> Why don't you just obtain renewable tickets and renew them instead of
> storing the password in memory?

That sounds interesting. Do you have pointers to how this works? I'm not
that familiar with Kerberos, so please bear with me :)

BTW, a nice future goal of gnome-keyring is to just have a set of hashes
of the login password in memory, each of which could be used for various
purposes, rather than storing the password in memory itself.

Among other things, this would require some file format changes for the
keyring files,

Cheers,

Stef
