Re: What is the point of the NM keyring?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2008-07-20 at 15:26 +0100, Timothy Murphy wrote:
> Some kind soul pointed out that one could get rid
> of the demand by NM for a keyring password
> by deleting .gnome2/keyrings/default.keyring
> and then giving an empty password when requested.
> 
> But that made me wonder what possible point
> the keyring password could have?
> Is it intended as some kind of security device?
> As far as I can see, you have to be logged in to run NM,
> and if you are logged in you can delete this file.
> 
> I might say the same about the KDE wallet system.
> How does this make one's part of the system more secure,
> since it is open to you to change the wallet password,
> or even to make it empty?
> 
> I live in an old house with hundreds of locks
> on cupboard doors, etc, to which almost all the keys
> have long ago disappeared.
> It seems to me Fedora is getting a bit like that.
> 
> I wish I felt there was someone whose job it was
> to make Fedora/Linux simpler to use
> rather than just adding more features
> with keys and passwords to fit.

The point is to allow you to store large numbers of passwords or
encryption keys to be applied automatically when required (modulo the
collaboration of the password-requiring agent of course), so you don't
have to answer a challenge every time you use something that requires a
password or key.

As protection from intruders, it's considered wise to encrypt these
repositories in case they get stolen, hence the keyring/kwallet
"password" (actually a key).

NM is simply one of the agents that uses a keyring to hold its keys for
use with WPA or whatever. Evolution is another. Konqueror, Kmail etc.
use Kwallet and so on. It's a pity there are two competing systems, but
that's the way it is for now. Some agents (Firefox for example) have
their own private system, presumably because they're cross-platform.

poc

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux