[Dev] User management for multi-user systems

Jussi Laako jussi.laako at linux.intel.com
Tue Oct 29 12:44:06 GMT 2013


On 29.10.2013 12:07, Łukasz Stelmach wrote:
> Do you mean that AS does not provide a way to support setting these
> credentials?

No it doesn't, because it requires auxiliary credential database, since 
current passwd/shadow structre allows only single credential per user. 
Our plan is that passwd/shadow will have only master credential that is 
decrypted from auxiliary database using the user provided credential.

passwd/shadow doesn't support X.509 public key or smartcard 
authentication either, but these can be implemented using the auxiliary 
mechanism we are planning.

So overall, it is just an extension to traditional system, not 
replacement. So there's no conflict with the standard.

> This could be improved in AS. Maybe some plugins?

Of course anything can be implemented in any piece of software, since 
it's just software. Another question is if those changes are accepted 
and how much time and effort it would take.

I cannot make schedule promises on when certain features could be 
provided by AS since it is not under my control.

Practically, it would be mostly complete rewrite of AS. Just as making 
gnome-keyring or gnome-online-accounts proper would also require 
rewriting those components. It is much less effort just reimplement from 
scratch.



More information about the Dev mailing list