MokSec - The Security Framework
thomasg
thomas at gstaedtner.net
Mon Jul 14 18:18:44 CEST 2008
On Mon, Jul 14, 2008 at 6:13 PM, Kalle Happonen <kalle.happonen at iki.fi>
wrote:
> thomasg wrote:
> > On Mon, Jul 14, 2008 at 5:22 PM, arne anka <openmoko at ginguppin.de
> > <mailto:openmoko at ginguppin.de>> wrote:
> >
> > > Of course you can create another user, as you are used to on any
> > unix
> > > system.
> > > It just doesn't ship with one because the distro comes in
> > ready-to-deploy
> > > images, not with a installer like the binary-distro-people are
> > used to.
> >
> > sure? i think it possible that some things won't work when
> > non-root ...
> >
> >
> > Of course some things won't work - if they would, there would be no
> > need for a special root account.
> > Basically all the tools someone would use without a terminal should
> > work (dialer, contacs, ...) no matter what stack is used.
> > The daemons that need root access run in background and can be
> > controlled by userspace-programs without root-access.
> >
> > If of course would take a loginmanager or similar to use a user with
> > password at startup, because currently the user root is automatically
> > logged in. Should be easy to "fix".
> Even running only critical things as root, and most stuff on a
> no-password unprivileged account would be better. But an user account
> with a password a would of course be better. The I'd say that the PIN
> could almost be saved somewhere, to avoid the need for a double log-in.
I had some thoughts about that, too.
Would be cool if it wasn't necessary to have a PIN at all - you enter the
PIN in the "first-run-wizard", that will store it.
After that you only have one password (of your choise) that does all - the
security daemon would lookup in a key/password-database and use your
password for all things, like decrypting the other containers (phonebook,
messages, e.g.), authing you on the network with the stored pin, unlocking
the phone screen, .....
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openmoko.org/pipermail/community/attachments/20080714/7f1a9123/attachment.htm
More information about the community
mailing list