On Mon, 2007-12-17 at 17:03 -0300, Thomas M Steenholdt wrote: > Alexander Larsson wrote: > > > > That "works", but is not ideal, as it means the keyring pam daemon will > > ask for the password instead of using the cached result from the > > system-auth result. This is clearly a problem if you mistype you > > password... > > > > The solution is to fix the system-auth so that it runs and then runs the > > pam modules after it. This is fixed in rawhide with the pam-stacks > > supports i believe. > > > > Hi > > I'm only asked to enter the password once (on login by gdm). Even if I > typed the password incorrectly, that wouldn't mean problems, since I > wouldn't be logged in in the first place, so how could it be causing > problems. Once I enter my password correctly, it caches the correct > password and uses that to unlock the keyring. The problem is not that you need to enter the password multiple times, that password is saved and reused for later pam modules. In fact this is how pam-keyring is meant to work, system-auth asks for the password, its saved and then pam-keyring reads this and uses it to try to unlock the keyring. However, if pam-keyring is run first then it is the one asking for the password instead of system-auth, and system-auth is the part using the saved password. This is a problem, because pam-keyring can't do things like verifying the password you entered is correct, or ask again if it is not. I'm not sure what the exact result will be in this case, but its not ideal. -- Fedora-desktop-list mailing list Fedora-desktop-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-desktop-list
