Login Manager

["Jørgen P. Tjernø"]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shakthi Kannan wrote:
> Hi,
> 
> This is w.r.t. having a login manager for OpenMoko.
> 
> [ .. snip .. ]
> 
> I read this page:
> http://wiki.openmoko.org/wiki/My_Account
This idea seems to be a bit too much "work" for the average Joe, but I
guess that depends on the implementation. It also seems overly complex.
(Perhaps I'm not understanding it properly)

> I put together few points on the login manager:
> http://shakthimaan.com/downloads/openmoko/docs/login-manager.pdf
I really like this idea, and it seems like it's almost fully
transparent! I guess the phone has a way of uniquely identifying the SIM
without the PIN being correct? If so, you could just ignore any user
password (and just authenticate using PIN) if the SIM is the
"first-boot" SIM (but set the user-password to PIN whenever the user
logs in with the "first-boot" SIM - so that you can use your PIN
whenever you boot the phone without SIM). That way, you don't need a
"forgotten password"-mechanism, you just use PIN & PUK - which are
pre-defined mechanisms for SIMs. (To make it even simpler in use)

Just my two cent. As I mentioned, I think this idea is an awesome (and
simple) security-mechanism. :-)

Kindest regards, Jørgen P. Tjernø.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGtd2WUMzc1WGo4zgRAiJ4AJ9ajiHf7pQAnZXP83cwhxt6StuBuQCdFPqM
gFfN4/0koQUa24fIBrOJQQY=
=bjAN
-----END PGP SIGNATURE-----