GAIM, the popular multi-protocol instant messaging client, has a mode of operation where it stores the user's password in clear text. This page attempts to justify this behaviour. I certainly agree that obscuring it without using real crypto is a bad idea and would never support that.
My gripe with the justification is that it misses a use case that is very important to me and to many of my friends and coworkers: GAIM being used in a corporate deployment as the client to something like Sun Java Enterprise Instant Messenger. In this case the user has no choice but to use the password they use for other critical and sensitive resources (for example their email, their access to payroll systems, their system login password), since in this type of deployment all authentication is done against the same LDAP server.
The other problem is that in many cases the end users have their home directory on NFS. While NFSv4 (and NFSv3 between Solaris clients) can be secured using RPCSEC_GSS (usually with Kerberos as the mechanism), it isn't by default, which means it is too easy to recover users' files despite the file permissions.
Ultimately I'd like to see secure single sign-on, with Gaim using SASL (with the GSSAPI plugin) to authenticate to the IM servers using the Kerberos tickets the user got at login. While this might be possible in some cases, it requires a lot of security infrastructure that some companies may not have deployed yet.
A simple solution to this would be for Gaim to use the GNOME keyring support, as other GNOME desktop applications are starting to do. For me this has another advantage with the GNOME bits that are JDS on Solaris releases: it uses the OpenSolaris Cryptographic Framework.