[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: Password checking API
From: Michael Goffioul <goffioul () imec ! be>
Date: 2001-10-02 14:06:18
[Download RAW message or body]
Roberto Teixeira wrote:
>
> Em Tuesday 02 October 2001 10:32, Oswald Buddenhagen escreveu:
> > > Hi, I added a "-U" option to kcheckpass. The diff is attached and if no
> > > one objects I'll commit.
> >
> > the patch _looks_ good to me - not actually tested.
> > however, could somebody enlighten me, why one would want that feature?
> > i mean, concrete scenarios ...
>
> Good question, although I'm sure someone can think of something ;)
>
> Seriously, all I know is that Michael Gouffioul wanted it to be able to
> create a wrapper function around it. What is he going to do with it is beyond
> me. Michael?
Basically, this question came up when thinking about how implementing
a feature in kdeprint: the possibility to remove print jobs in CUPS
while being someone else (usually root). This is done by sending an IPP
request to the CUPS server containing an attribute "requesting-user-name".
The job is actually removed if the requesting user name is the owner of
the print job. If I allow to change the username (for example to root)
without authentification, this is a big security hole. My idea was then:
"OK, I can change the user name, but give me the password first".
I agree that such a feature won't be used so much. The only thing I need
is the "-U" option to kcheckpass. For the rest, the wrapper around
kcheckpass can be embedded in the CUPS plugin only, no real need for a
public API.
BTW, the code I suggested was just an idea. I agree that "system" is not
a good way. But what's better if I need a synchronous call? A blocking
KShellProcess?
Michael.
--
------------------------------------------------------------------
Michael Goffioul IMEC-DESICS-MIRA
e-mail: goffioul@imec.be (Mixed-Signal and RF Applications)
Tel: +32/16/28-8510 Kapeldreef, 75
Fax: +32/16/28-1515 3001 HEVERLEE, BELGIUM
------------------------------------------------------------------
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic