On 17/07/07, Todd Zullinger <tmz@xxxxxxxxx> wrote:
Yes, there's a benefit to keeping the passphrases separate. This also affect pam_keyring. Anything that intends to unlock a keyring with one passphrase pretty much requires that the passphrases match.
You were arguing for the login password/phrase matching the ssh password/phrase - that seems like a bad idea and really unecessary. Surely, what you mean is that it's required for the login password/phrase to be the same password/phrase as for whatever application stores the various passphrases for ssh/gpg etc.
There is always a tradeoff between security and convenience. Are you suggesting that there not be a way for users to enable their login to unlock their various keyrings?
Nope. But that in no way requires login password/phrase == ssh key password/phrase. J. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
