On 17/07/07, Todd Zullinger <tmz(a)pobox.com> wrote:
Yes, there's a benefit to keeping the passphrases separate.
This
also affect pam_keyring. Anything that intends to unlock a keyring
with one passphrase pretty much requires that the passphrases match.
You were arguing for the login password/phrase matching the ssh
password/phrase - that seems like a bad idea and really unecessary.
Surely, what you mean is that it's required for the login
password/phrase to be the same password/phrase as for whatever
application stores the various passphrases for ssh/gpg etc.
There is always a tradeoff between security and convenience. Are
you
suggesting that there not be a way for users to enable their login to
unlock their various keyrings?
Nope. But that in no way requires login password/phrase == ssh key
password/phrase.
J.