Re: Avoiding gnome keyring password prompt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, 2007-10-18 at 07:09 -0400, Sam Varshavchik wrote:
> Mogens Kjaer writes:
> 
> > I use the gnome keyring to manage the Networkmanager keys
> > for WiFi and VPN on F7.
> > 
> > I've tried the trick on:
> > 
> > http://fedoraproject.org/wiki/Tools/NetworkManager
> > 
> > to avoid being prompted for the keyring password.
> > 
> > I've installed pam_keyring and added the
> > two lines to /etc/pam.d/gdm (in the correct places),
> > the file now contains:
> > 
> > # cat /etc/pam.d/gdm
> > #%PAM-1.0
> > auth       required    pam_env.so
> > auth       optional    pam_keyring.so try_first_pass
> > auth       include     system-auth
> > account    required    pam_nologin.so
> > account    include     system-auth
> > password   include     system-auth
> > session    optional    pam_keyinit.so force revoke
> > session    include     system-auth
> > session    required    pam_loginuid.so
> > session    optional    pam_console.so
> > session    optional    pam_keyring.so
> > 
> > My logon password and the password for the
> > keyring are identical.
> > 
> > After a reboot, I still get prompted for the password!
> > 
> > What have I missed?
> 
> Nothing. I was given the same advice about six months ago, when I complained 
> about this very exact user-unfriendliness, did this, discovered that it 
> didn't work, gave up, and wrote off this as yet another example of refusal 
> to understand what the user experience should be.
> 
> Rather than screwing around with pam_keyring, there should simply be an 
> option NOT to have a passphrase-protected keyring in the first place, for 
> those that don't want it, yet gnome-keyring stubbornly insists on a 
> password.

Passwordless keyrings are not the same as keyrings with passwords
matching login passwords.  Your passwordless keyring is no protection
against someone who obtains access to your files without knowing your
password (e.g., root or someone with physical access to your disk).  My
keyring with login password is still encrypted.

> 
> Keep in mind that, even in a perfect world, pam_keyring will still not work 
> if you set gdm to autologin to your main account.

Looks like F8 will have a different mechanism for opening keyrings with
the login password.  It's still not quite working, though.

> 
> 
-- 
                Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux