What is the point of the NM keyring?
pocallaghan at gmail.com
Sun Jul 20 14:17:58 UTC 2008
On Sun, 2008-07-20 at 15:26 +0100, Timothy Murphy wrote:
> Some kind soul pointed out that one could get rid
> of the demand by NM for a keyring password
> by deleting .gnome2/keyrings/default.keyring
> and then giving an empty password when requested.
> But that made me wonder what possible point
> the keyring password could have?
> Is it intended as some kind of security device?
> As far as I can see, you have to be logged in to run NM,
> and if you are logged in you can delete this file.
> I might say the same about the KDE wallet system.
> How does this make one's part of the system more secure,
> since it is open to you to change the wallet password,
> or even to make it empty?
> I live in an old house with hundreds of locks
> on cupboard doors, etc, to which almost all the keys
> have long ago disappeared.
> It seems to me Fedora is getting a bit like that.
> I wish I felt there was someone whose job it was
> to make Fedora/Linux simpler to use
> rather than just adding more features
> with keys and passwords to fit.
The point is to allow you to store large numbers of passwords or
encryption keys to be applied automatically when required (modulo the
collaboration of the password-requiring agent of course), so you don't
have to answer a challenge every time you use something that requires a
password or key.
As protection from intruders, it's considered wise to encrypt these
repositories in case they get stolen, hence the keyring/kwallet
"password" (actually a key).
NM is simply one of the agents that uses a keyring to hold its keys for
use with WPA or whatever. Evolution is another. Konqueror, Kmail etc.
use Kwallet and so on. It's a pity there are two competing systems, but
that's the way it is for now. Some agents (Firefox for example) have
their own private system, presumably because they're cross-platform.
More information about the fedora-list