[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Persistent password caching (.netrc and .kionetrc)
From: George Staikos <staikos () kde ! org>
Date: 2001-06-11 20:40:56
[Download RAW message or body]
On Monday 11 June 2001 05:13, Dawit Alemayehu wrote:
> In terms of security, for reading from the file we follow the same
> requirements set on the ".netrc" file, which is basically that the file
> must exist and only have "rw" permission for the user. We also check to
> see if the current geteuid() matches the uid set on the file. Also these
> file must be in the right location of course. That is ".netrc" must be in
> while ".kionetrc" must be under the "config" directory in $KDEHOME...
>
> Anyways, in the long run the idea is to unify password caching for all
> applications that need it. For example, kmail can store any login info
> provided in the account area in ".kionetrc" using the "preset" keyword and
> setting the type file. This makes it easier to allow the user to manage
> his (her) password from a single control panel config module (when it is
> designed!). Also we can store webbased login information and provide
> similar facilities as Mozilla and IE do in this regards with a very small
> overhead.
>
> Oh BTW, all of this of course is optional as with everything else and will
> be off by default for the very obvious reasons...
>
> What do you all think ? Comments, opinions, ideas ? Is it a good idea to
> provide a centralized location for storing persistent passwords ?
I've been pondering this too, because it's basically essential to SSL
support. Users will not be pleased to have to type in their password every
time KDE uses a certificate. However I won't implement the code to save the
password until there is an encrypted password registry. It's just not safe.
I do have the code for 16 rounds blowfish with variable key length checked
into koffice and I was planning to abstract it more to make a good crypto
infrastructure for 2.3. If you want, we could temporarily move this code
into a "private" class in kdelibs to use for this. Then a user would input
the global password once and all apps could then read the passwords. Ideally
this should go in the KConfig layer (I think...) but I guess it could go
anywhere.
What do you think about something along those lines?
--
George Staikos
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic