Bill Sommerfeld wrote: >> The functionality proposed here permits such a credential to be stored >> securely in the SMF repository, by default readable only by root, and >> at the same time would allow greater administrative flexibility in >> accessing or modifying this value, reducing the number of potential >> administrative tasks requiring full privileges. > > I'm a little confused about exactly who becomes responsible for > encrypting the sensitive credential in this case -- is it SMF or is it > the individual service? > > I'm uncomfortable with leaving this to the individual service (since it > effectively forces each service to reinvent their own wheel), especially > without very specific guidance in the SMF documentation.
and where is the decryption key (or PIN to authenticate to the keystore) going to come from during boot ? -- Darren J Moffat
