What is the point of the NM keyring?
Alan Cox
alan at lxorguk.ukuu.org.uk
Sat Aug 16 15:38:29 UTC 2008
> Some kind soul pointed out that one could get rid
> of the demand by NM for a keyring password
> by deleting .gnome2/keyrings/default.keyring
> and then giving an empty password when requested.
>
> But that made me wonder what possible point
> the keyring password could have?
> Is it intended as some kind of security device?
More of a helper.
> As far as I can see, you have to be logged in to run NM,
> and if you are logged in you can delete this file.
Correct.
> I might say the same about the KDE wallet system.
> How does this make one's part of the system more secure,
> since it is open to you to change the wallet password,
> or even to make it empty?
The point is you can't get the keys back. So if your machine gets stolen
or borrowed all the passwords on the keyring are safe. I can blank the
ring and set new ones but I can't get the old ones. At the point I've
stolen your machine I can blank the disk or throw the computer into the
sea so being able to blank the ring isn't an issue, stopping people
getting the keys back is the point.
> I live in an old house with hundreds of locks
> on cupboard doors, etc, to which almost all the keys
> have long ago disappeared.
> It seems to me Fedora is getting a bit like that.
The wallet is an optional key cabinet. You can if you want just stick all
the passwords and keys in /etc/wpa/wpa_supplicant.conf (I think thats the
file) if you want
More information about the users
mailing list