Hi,

> Even though the keyring is locked, it seems like the application that set
> the secret should be able to retrieve it. I don't know how you want to make
> sure it's the same calling application, there might be some tricks in that.
> But this would reduce the number of login / access the keyring dialogs.

So, at some point a password has to be asked for, because that password is used to unencrypt the data. In theory only one password should need to be asked for though, the password (or smart card PIN code) you type when you log in. That's the whole single sign on dream, and what pam_gnomekeyring is trying to tackle.

> Perhaps my vision of the keyring is more of a secure little area where
> applications can save data that's reliable and encrypted and I have the
> master password to; however if an application wants to save some random
> secret bits in the keyring that only it will retrieve later I find it pretty
> harmless. Is that a false assumption?

If the data is encrypted then the application won't be able to get to the data until it's unencrypted, which means asking for a password. Are you asking for an unencrypted area that only one application has read access to? If so, you might be able to do something like that with SELinux (or AppArmor?), but I don't think it would be a very robust solution.

--Ray