[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: KWallet + PAM
From: Pierre <pinaraf () pinaraf ! info>
Date: 2009-05-27 8:43:13
Message-ID: 200905271043.19677.pinaraf () pinaraf ! info
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
[Attachment #4 (multipart/mixed)]
On Monday 25 May 2009 23:58:07 Pierre wrote:
> On Sunday 24 May 2009 00:39:33 Michael Leupold wrote:
> > Pierre wrote:
> > > On Wednesday 29 April 2009 18:58:40 Herbert Graeber wrote:
> > >> Am Mittwoch 29 April 2009 03:47:46 schrieb John Tapsell:
> > >> > Has any progress been made on the pam+kwallet front? There seem
> > >> > to be patches floating about (e.g.
> > >> > http://kubuntuforums.net/forums/index.php?topic=3091705.0 ) but I'm
> > >> > guessing that they haven't been integrated into our svn ?
> > >>
> > >> For KDE there has been a openSUSE package named pam_kwallet for this.
> > >> It depends on a patch to the kwallet daemon, to open a wallet with a
> > >> password given a parameter via dcop (function tryOpen). It would be
> > >> easy to port pam_kwallet to KDE when a similar patch has been made for
> > >> KDE4's kwallet daemon.
> > >
> > > If you're interested, I've got a port of this to KDE4 available on my
> > > hard drive...
> > > It does add a DBus tryOpen call in kwalletd. I ported the
> > > "kwalletclient" from pam_kwallet to use dbus too. I only have to try
> > > it, but I'm too lazy to do it right now (and I'll be AFK for one day or
> > > two..)
> > > I'll send the patches in a few days.
> >
> > Could you please post it to the list? As many users are asking for it we
> > might as well put it into 4.4. I guess marking it as "PAM module only"
> > and not exposing it in our API should be enough to make it clear that
> > this isn't supposed to be used in regular programs. Of course it should
> > be documented that sending the (hashed?) password over D-Bus is
> > inherently less secure than entering it manually.
>
> Hi
>
> I didn't look at a way to send the password hashed. It seems to be quite
> easy to implement, I'll try to do that in a future version of the patch.
> The attached patchs for kdelibs and kdebase-runtime implement the DBus
> call. The kwalletclient part will be sent as soon as it has been tested and
> fixed... So far, that part doesn't seem to work, but I may have done
> something wrong on my testing system, and I had a huge unplanned event
> friday (a car crash) that removed me a lot of free time...
>
> Pierre
Hi
Attached to this mail is the second part of the KWallet/PAM integration : there
is a pam_kwallet module and a kwalletclient program.
kwalletclient works like the old kwalletclient3, except that it uses DBus to
communicate with kwalletd.
pam_kwallet is a copy of the old pam_kwallet for KDE 3. I think that some
cleanups are needed, I'll look at that module when I have some time. For
instance, I don't understand why it requires glib : a pipe is really simple to
do using "raw" C...
Any comment on this ?
Pierre
["pam_kwallet4.tar.bz2" (application/x-bzip-compressed-tar)]
["signature.asc" (application/pgp-signature)]
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic