https://bugs.kde.org/show_bug.cgi?id=263174

--- Comment #19 from Alex Dubov <[email protected]> ---
By thinking some more, one can notice, that SSO (kerberos, webauthn) has the
same problem: user password being unavailable at login time and decryption
key(s) coming from elsewhere (central LDAP in kerberos case, secure sensor
chip/TPM in the fingerprint case). So there's really no alternative to
improving the wallet/secrets auth flow handling in KDE and proper PAM flow is
probably the most tangible direction (PAM itself should also be improved some,
with proper item keys added to support secure storage and keyring decryption;
these are not dissimilar to X11 item keys added in the past).

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to