Magnus Hagander wrote: > Dave Page wrote: >> Magnus Hagander wrote: >> >>> Just to make things clear, this wouldn't be about another auth method. >>> Windows has an API to store arbitrary passwords in a "secure way". At >>> least it does in XP+, not sure if it was in 2000. >> Would it really solve Tony's problem though? I'm not familiar with the >> API you're thinking of, but do be useful to us it must be able to give >> the unencrypted passwords back to us, and therefore anything else >> pretending to be us. > > yeah, but it pops up a GUI notification for you. It's what IE uses to > store things like passports. It's also used, IIRC, by the new RDP client > that's available, and a few more. > Did a quick check, and it's XP/2003 only. See > http://msdn2.microsoft.com/en-us/library/aa302353.aspx. That would break all the non-interactive apps that we recommend using pgpass with to prevent storing passwords in even less secure places. Regards, Dave.