Avoiding gnome keyring password prompt

Matthew Saltzman mjs at CLEMSON.EDU
Thu Oct 18 13:53:43 UTC 2007


On Thu, 2007-10-18 at 07:09 -0400, Sam Varshavchik wrote:
> Mogens Kjaer writes:
> 
> > I use the gnome keyring to manage the NetworkManager keys
> > for WiFi and VPN on F7.
> > 
> > I've tried the trick on:
> > 
> > http://fedoraproject.org/wiki/Tools/NetworkManager
> > 
> > to avoid being prompted for the keyring password.
> > 
> > I've installed pam_keyring and added the
> > two lines to /etc/pam.d/gdm (in the correct places),
> > the file now contains:
> > 
> > # cat /etc/pam.d/gdm
> > #%PAM-1.0
> > auth       required    pam_env.so
> > auth       optional    pam_keyring.so try_first_pass
> > auth       include     system-auth
> > account    required    pam_nologin.so
> > account    include     system-auth
> > password   include     system-auth
> > session    optional    pam_keyinit.so force revoke
> > session    include     system-auth
> > session    required    pam_loginuid.so
> > session    optional    pam_console.so
> > session    optional    pam_keyring.so
> > 
> > My logon password and the password for the
> > keyring are identical.
> > 
> > After a reboot, I still get prompted for the password!
> > 
> > What have I missed?
> 
> Nothing. I was given the same advice about six months ago, when I complained 
> about this very exact user-unfriendliness, did this, discovered that it 
> didn't work, gave up, and wrote off this as yet another example of refusal 
> to understand what the user experience should be.
> 
> Rather than screwing around with pam_keyring, there should simply be an 
> option NOT to have a passphrase-protected keyring in the first place, for 
> those that don't want it, yet gnome-keyring stubbornly insists on a 
> password.

Passwordless keyrings are not the same as keyrings with passwords
matching login passwords.  Your passwordless keyring is no protection
against someone who obtains access to your files without knowing your
password (e.g., root or someone with physical access to your disk).  My
keyring with login password is still encrypted.

> 
> Keep in mind that, even in a perfect world, pam_keyring will still not work 
> if you set gdm to autologin to your main account.

Looks like F8 will have a different mechanism for opening keyrings with
the login password.  It's still not quite working, though.

-- 
                Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs



