On Mon, Sep 28, 2015 at 02:35:58PM -0400, Daniel Kahn Gillmor wrote:
> On Mon 2015-09-28 13:16:06 -0400, SGT. Garcia wrote:
> > i think neither is what i'm asking. the following particular use case should
> > explain it better.
> >
> > on my user's first login into this machine i run 'notmuch new' this calls
> > mbsync to sync my email with gmail but in order for mbsync to do so it has
> > to get my password from pass. pass in turn has encrypted all my passwords
> > and for that i have to provide the passphrase *manually*. i would like it
> > to happen automatically on user login. hence the pam integration. note that
> > i already have a user systemd service to run 'notmuch new' on user login.
> > it of course fails until i run the command first to unlock my email
> > passwords.
>
> if you want it to happen on user login, you're asking for an additional
> PAM module that would authenticate you to the local system.
>
> With PAM, you could configure your system to do this as an additional
> authentication step (in which case it's the same as your current
> scenario, but you're prompted by the login greeter instead of your own
> shell initialization scripts) or as the only authentication required
> (in which case my attack against your local user account applies).

i really want it as the only authentication required that is open password
from user logs him in and decrypts the passwords.

> > that would be my email account not my local user account, correct?
>
> The attack i described is an attack against your local user account,
> though i suspect it could be leveraged into an attack against your
> e-mail account as well.
>
> --dkg

how does it work, does gnupg phone home? i suspect not. i did not agree to
import anything but apparently my mail client (mutt) and/or gnupg took the
initiative to do so. if that's true then that's a misconfiguration or bad
default configuration of mutt and/or gnupg, i think.

sgt

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users