Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
gnome-keyring not getting password from pam
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
Massimo B.
Veteran
Veteran


Joined: 09 Feb 2005
Posts: 1537
Location: Germany

PostPosted: Wed Oct 10, 2018 7:21 am    Post subject: gnome-keyring not getting password from pam Reply with quote

Hi,

I have emerged gnome-base/gnome-keyring-3.28.2 with USE="pam", but I'm still asked for the gnome-keyring password. I have set the same password for the keyring and for the user. Is that required anyway or is the keyring password just encrypted by the user-password? However it doesn't work. What steps are necessary?

Moreover I would like to reduce the count of passwords without loosing too much security. Having a LUKS password on boot and full encryption, I would prefer the password-less login to the Window Manager. But then it would not be possible to pass the password to the keyring anymore, is it? Having a completely unencrypted keyring, would that be a big security issue? I mean the shut down system is safe based on the encryption. But for the running system, the unencrypted keyring files would be accessible by each process, is that true?
_________________
ppc:PowerBook5,8 15"(1440)-G4/1.67,2G|amd64:HP EliteBook 8560w,i7-2620M,16G|amd64:Acer Z5610 (Core2QuadQ8200),8G|amd64-prefix:OpenSuse
Lila-Theme
Back to top
View user's profile Send private message
Massimo B.
Veteran
Veteran


Joined: 09 Feb 2005
Posts: 1537
Location: Germany

PostPosted: Mon Dec 17, 2018 8:17 am    Post subject: Reply with quote

What is the right pam.d setting for the keyring? Currently I found this:
Code:
# grep keyring /etc/pam.d/*
/etc/pam.d/passwd:-password   optional   pam_gnome_keyring.so use_authtok

However Ubuntu [1] mentions a different pam.d configuration for /etc/pam.d/gdm or /etc/pam.d/lightdm:
Code:
auth optional pam_gnome_keyring.so
session optional pam_gnome_keyring.so auto_start

[1] https://wiki.ubuntuusers.de/GNOME_Schl%C3%BCsselbund/#Keyring-Daemon-deaktivieren
_________________
ppc:PowerBook5,8 15"(1440)-G4/1.67,2G|amd64:HP EliteBook 8560w,i7-2620M,16G|amd64:Acer Z5610 (Core2QuadQ8200),8G|amd64-prefix:OpenSuse
Lila-Theme
Back to top
View user's profile Send private message
Massimo B.
Veteran
Veteran


Joined: 09 Feb 2005
Posts: 1537
Location: Germany

PostPosted: Mon Dec 17, 2018 8:46 am    Post subject: Reply with quote

I have adapted the configuration like this now, and it seems to work, at least after a logout and new login:
Code:
# grep keyring /etc/pam.d/*
/etc/pam.d/lightdm:auth    optional        pam_gnome_keyring.so
/etc/pam.d/lightdm:session optional        pam_gnome_keyring.so    auto_start
/etc/pam.d/passwd:password   optional   pam_gnome_keyring.so use_authtok
/etc/pam.d/xscreensaver:auth    optional        pam_gnome_keyring.so

_________________
ppc:PowerBook5,8 15"(1440)-G4/1.67,2G|amd64:HP EliteBook 8560w,i7-2620M,16G|amd64:Acer Z5610 (Core2QuadQ8200),8G|amd64-prefix:OpenSuse
Lila-Theme
Back to top
View user's profile Send private message
Massimo B.
Veteran
Veteran


Joined: 09 Feb 2005
Posts: 1537
Location: Germany

PostPosted: Mon Jan 28, 2019 5:29 pm    Post subject: Reply with quote

Now on a different machine, I have exactly the same /etc/pam.d, but after WM login I'm still asked for the keyring password. How can I debug how the password is passed from PAM?
_________________
ppc:PowerBook5,8 15"(1440)-G4/1.67,2G|amd64:HP EliteBook 8560w,i7-2620M,16G|amd64:Acer Z5610 (Core2QuadQ8200),8G|amd64-prefix:OpenSuse
Lila-Theme
Back to top
View user's profile Send private message
YourNameInHere
n00b
n00b


Joined: 28 Mar 2007
Posts: 8

PostPosted: Fri Feb 01, 2019 5:26 pm    Post subject: Reply with quote

Hi,

was also playing with gnome-keyring these days ...I think it is working now as i wanted.
I'm using slim as a login-manager:

Code:
# grep gnome_keyring /etc/pam.d/*
/etc/pam.d/login:#auth       optional     pam_gnome_keyring.so #keyring
/etc/pam.d/login:#session    optional     pam_gnome_keyring.so auto_start #keyring
/etc/pam.d/passwd:-password   optional   pam_gnome_keyring.so use_authtok
/etc/pam.d/slim:auth     optional   pam_gnome_keyring.so #keyring
/etc/pam.d/slim:session optional   pam_gnome_keyring.so auto_start #keyring
/etc/pam.d/system-auth:#auth       optional    pam_gnome_keyring.so #keyring
/etc/pam.d/system-auth:#password    optional    pam_gnome_keyring.so #keyring
/etc/pam.d/system-auth:#session    optional   pam_gnome_keyring.so auto_start #keyring
/etc/pam.d/system-login:#auth      optional  pam_gnome_keyring.so #keyring
/etc/pam.d/system-login:#session   optional  pam_gnome_keyring.so auto_start #keyring


it is only activated in "slim" (passwd-file looks like it is a default value).

Also there was another problem for me:
After logging in there was a delay for ~20 secondes (stuck at the login-screen).

Turns out this is a known problem :(
Code:

26.895784] random: crng init done


Solution: emerge haveged
See: https://forums.gentoo.org/viewtopic-t-1081710-start-0.html

YourNameInHere

EDIT: Did you also check the keyring with seahorse?
The keyring name must be "Login" and set as default. I was able to remove all keyrings and got a new working one after re-login.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum