On Fri, May 27, 2016 at 9:13 AM, Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> wrote:
> On Fri, May 27, 2016 at 08:51:23AM -0400, Nico Kadel-Garcia wrote:
>> This breaks the storage of ssh-agent credentials for the one-time
>> enabling of SSH credentials for access on running hosts.
>
> You mean you start ssh-agent somewhere during the first login and then
> access it from any process from further sessions? You can get a setup
> to work like this by running the agent in a service, like any long
> running service.

It's a historically useful way to require an authorized user to actually log into the system and unlock the key. It's similar to the requirement of secure Kerberos servers and Java keystore systems to have a user attend the startup of the daemons, in order to unlock the protected credentials on request and prevent unauthorized use of the service from a stolen backup or disk image.

>> Gods alone know what else it will break.
>
> File the bugs, we'll deal with them one at a time.

If I could list all the bugs caused by this change, in advance, in all of Fedora userland, I'd be paid a lot more.