automatic unlocking of keyring
Alexander Larsson
alexl at redhat.com
Mon Dec 17 10:49:43 UTC 2007
On Sat, 2007-12-15 at 22:26 -0300, Thomas M Steenholdt wrote:
> Matthias Clasen wrote:
> > As some may remember, we turned automatic unlocking of
> > keyrings at login time off at a late time in the F8 schedule,
> > since it was not working properly with our pam configuration.
> >
> > pam has meanwhile gained a new feature that will hopefully
> > allow this to work reliably (substack). I have built
> > gdm-2.21.2-0.2007.11.20.4.fc9 and gnome-keyring-2.20.2-2.fc9
> > in rawhide with this turned on.
> >
> > Please try it and tell me if it works for you.
> >
> >
> > Matthias
> >
>
> This is actually working for me on F8 using:
>
> gdm-2.20.2-2.fc8 and gnome-keyring-2.20.2-1.fc8
>
> The only thing I think I changed was to move pam_gnome_keyring.so above
> the system-auth line in /etc/pam.d/gdm.
>
> If this is not supposed to work, what am I missing? I definitely unlocks
> the keyring for nm_applet, evolution and various server connections.
That "works", but is not ideal, as it means the keyring pam daemon will
ask for the password instead of using the cached result from the
system-auth result. This is clearly a problem if you mistype you
password...
The solution is to fix the system-auth so that it runs and then runs the
pam modules after it. This is fixed in rawhide with the pam-stacks
supports i believe.
More information about the Fedora-desktop-list
mailing list