From kde-devel  Tue Nov 11 17:26:41 2003
From: George Staikos <staikos () kde ! org>
Date: Tue, 11 Nov 2003 17:26:41 +0000
To: kde-devel
Subject: Re: IBM Applies for Password Manager Patent
X-MARC-Message: https://marc.info/?l=kde-devel&m=106857227718424

On Tuesday 11 November 2003 11:53, Aaron J. Seigo wrote:
> On Tuesday 11 November 2003 06:42, George Staikos wrote:
> > It
>
>  also defeats the "walk away from the terminal and the wallet is still
>
> > accessible" safeties.  I think it's very convenient, but a bad idea from
> > a security perspective.
>
> you can also set your root password to be empty, or allow all users
> unlimited access to commands via sudo... those are not the default settings
> on most OSes, and certainly not what you'd want in a secure environment.
> however you _can_ set it up that way if it makes sense for your
> installation. i don't see how making this an option (off by default) would
> be a bad thing.

   Might as well get rid of encrypted /etc/shadow then too.

-- 
George Staikos
KDE Developer				http://www.kde.org/
Staikos Computing Services Inc.		http://www.staikos.net/

 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<