| View previous topic :: View next topic |
| Author |
Message |
Massimo B.
Veteran
Joined: 09 Feb 2005
Posts: 1579
Location: Germany
|
 Posted: Wed Oct 10, 2018 7:21 am Post subject: gnome-keyring not getting password from pam |
 |
|
Hi,
I have emerged gnome-base/gnome-keyring-3.28.2 with USE="pam", but I'm still asked for the gnome-keyring password. I have set the same password for the keyring and for the user. Is that required anyway or is the keyring password just encrypted by the user-password? However it doesn't work. What steps are necessary?
Moreover I would like to reduce the count of passwords without loosing too much security. Having a LUKS password on boot and full encryption, I would prefer the password-less login to the Window Manager. But then it would not be possible to pass the password to the keyring anymore, is it? Having a completely unencrypted keyring, would that be a big security issue? I mean the shut down system is safe based on the encryption. But for the running system, the unencrypted keyring files would be accessible by each process, is that true?
_________________
ppc:PowerBook5,8 15"(1440)-G4/1.67,2G|amd64:HP EliteBook 8560w,i7-2620M,16G|Acer Z5610 (Core2QuadQ8200),8G|amd64-prefix:OpenSuse|HP EliteDesk 800G1 i7-4790|HP Compaq Pro 6300 i7-3770
Lila-Theme |
|
| Back to top |
|
 |
Massimo B.
Veteran
Joined: 09 Feb 2005
Posts: 1579
Location: Germany
|
| Posted: Mon Dec 17, 2018 8:17 am Post subject: |
|
|
What is the right pam.d setting for the keyring? Currently I found this: | Code: | # grep keyring /etc/pam.d/*
/etc/pam.d/passwd:-password optional pam_gnome_keyring.so use_authtok |
However Ubuntu [1] mentions a different pam.d configuration for /etc/pam.d/gdm or /etc/pam.d/lightdm: | Code: | auth optional pam_gnome_keyring.so
session optional pam_gnome_keyring.so auto_start |
[1] https://wiki.ubuntuusers.de/GNOME_Schl%C3%BCsselbund/#Keyring-Daemon-deaktivieren
_________________
ppc:PowerBook5,8 15"(1440)-G4/1.67,2G|amd64:HP EliteBook 8560w,i7-2620M,16G|Acer Z5610 (Core2QuadQ8200),8G|amd64-prefix:OpenSuse|HP EliteDesk 800G1 i7-4790|HP Compaq Pro 6300 i7-3770
Lila-Theme |
|
| Back to top |
|
|
Massimo B.
Veteran
Joined: 09 Feb 2005
Posts: 1579
Location: Germany
|
| Posted: Mon Dec 17, 2018 8:46 am Post subject: |
|
|
I have adapted the configuration like this now, and it seems to work, at least after a logout and new login:
| Code: | # grep keyring /etc/pam.d/*
/etc/pam.d/lightdm:auth optional pam_gnome_keyring.so
/etc/pam.d/lightdm:session optional pam_gnome_keyring.so auto_start
/etc/pam.d/passwd:password optional pam_gnome_keyring.so use_authtok
/etc/pam.d/xscreensaver:auth optional pam_gnome_keyring.so |
_________________
ppc:PowerBook5,8 15"(1440)-G4/1.67,2G|amd64:HP EliteBook 8560w,i7-2620M,16G|Acer Z5610 (Core2QuadQ8200),8G|amd64-prefix:OpenSuse|HP EliteDesk 800G1 i7-4790|HP Compaq Pro 6300 i7-3770
Lila-Theme |
|
| Back to top |
|
|
Massimo B.
Veteran
Joined: 09 Feb 2005
Posts: 1579
Location: Germany
|
| Posted: Mon Jan 28, 2019 5:29 pm Post subject: |
|
|
Now on a different machine, I have exactly the same /etc/pam.d, but after WM login I'm still asked for the keyring password. How can I debug how the password is passed from PAM?
_________________
ppc:PowerBook5,8 15"(1440)-G4/1.67,2G|amd64:HP EliteBook 8560w,i7-2620M,16G|Acer Z5610 (Core2QuadQ8200),8G|amd64-prefix:OpenSuse|HP EliteDesk 800G1 i7-4790|HP Compaq Pro 6300 i7-3770
Lila-Theme |
|
| Back to top |
|
|
YourNameInHere
n00b
Joined: 28 Mar 2007
Posts: 8
|
| Posted: Fri Feb 01, 2019 5:26 pm Post subject: |
|
|
Hi,
was also playing with gnome-keyring these days ...I think it is working now as i wanted.
I'm using slim as a login-manager:
| Code: | # grep gnome_keyring /etc/pam.d/*
/etc/pam.d/login:#auth optional pam_gnome_keyring.so #keyring
/etc/pam.d/login:#session optional pam_gnome_keyring.so auto_start #keyring
/etc/pam.d/passwd:-password optional pam_gnome_keyring.so use_authtok
/etc/pam.d/slim:auth optional pam_gnome_keyring.so #keyring
/etc/pam.d/slim:session optional pam_gnome_keyring.so auto_start #keyring
/etc/pam.d/system-auth:#auth optional pam_gnome_keyring.so #keyring
/etc/pam.d/system-auth:#password optional pam_gnome_keyring.so #keyring
/etc/pam.d/system-auth:#session optional pam_gnome_keyring.so auto_start #keyring
/etc/pam.d/system-login:#auth optional pam_gnome_keyring.so #keyring
/etc/pam.d/system-login:#session optional pam_gnome_keyring.so auto_start #keyring
|
it is only activated in "slim" (passwd-file looks like it is a default value).
Also there was another problem for me:
After logging in there was a delay for ~20 secondes (stuck at the login-screen).
Turns out this is a known problem 
| Code: |
26.895784] random: crng init done
|
Solution: emerge haveged
See: https://forums.gentoo.org/viewtopic-t-1081710-start-0.html
YourNameInHere
EDIT: Did you also check the keyring with seahorse?
The keyring name must be "Login" and set as default. I was able to remove all keyrings and got a new working one after re-login. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Desktop Environments
