Bug 251844

Summary: Problem with pam_keyring and thinkfinger module
Product: Fedora
Component: pam_keyring
Version: 7
Hardware: i386
OS: Linux
Reporter: Pakhom <pakhom>
Assignee: Denis Leroy <denis>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Status: CLOSED NOTABUG
Severity: low
Priority: low
Doc Type: Bug Fix
Last Closed: 2007-12-02 23:59:58 UTC

Description Pakhom 2007-08-12 10:49:20 UTC
Description of problem:

Hello,

I've got Fedora 7 (x86 -Gnome) running on my laptop (IBM/Lenovo T60).

1) I took care of the annoying requests by the 'Gnome Keyring Manager'
(accessing the WAP key every boot) by installing pam_keyring and adding a couple of
lines to /etc/pam.d/gdm

#%PAM-1.0
auth required pam_env.so
# Following keyring line added
auth optional pam_keyring.so try_first_pass
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
# Following keyring line added
session optional pam_keyring.so

This worked in a rather lovely fashion and I had no further problems... until:

2) I use the built-in fingerprint reader, so I installed the 'thinkfinger' module.

# rpm -qa | grep think
thinkfinger-0.3-2.fc7
thinkfinger-devel-0.3-2.fc7

The fingerprint reader works fine and I was able to acquire and verify
fingerprints. I then made the following changes to my /etc/pam.d/system-auth

# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
# Following line added for fingerprint reader
# (sufficient: a matching swipe returns success to gdm right here, so the
#  pam_unix line below never runs and no password is ever entered)
auth        sufficient    pam_thinkfinger.so
auth        sufficient    pam_unix.so try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so


This kind of worked. At the login screen I could type in my username, but then
it presented me with "Password:" though I could hit enter to null through, and
it prompted "Enter password or swipe finger". So I could scan my finger and get
in - but the keyring-manager demanded a password again.


More concerned with the login method:

Username > enter Password > "Enter password or scan finger"; after I log in,
keyring-manager doesn't ask for a password.

If I comment out one of the lines in /etc/pam.d/gdm

#%PAM-1.0
auth required pam_env.so
# Following keyring line added
#auth optional pam_keyring.so try_first_pass

at the login screen I could type in my username, but then it presented me with "Enter
password or swipe finger". So I could scan my finger and get in - but the
keyring-manager demanded a password again.



Version-Release number of selected component (if applicable):
# uname -r
2.6.22.1-41.fc7

# rpm -qa | grep pam_
pam_ccreds-4-2.fc7
pam_krb5-2.2.11-1
pam_smb-1.1.7-7.2.1
pam_passwdqc-1.0.2-1.2.2
pam_keyring-0.0.9-1.fc7
pam_pkcs11-0.5.3-24

Comment 1 Denis Leroy 2007-12-02 23:59:58 UTC
That's very much the expected behavior. The gnome keyring manager DOES need
your password in order to decrypt the default keyring. If you manage to log in
without entering your password (using the fingerprint, but also for example, by
configuring gdm to automatically log in as you), then you can't unlock the
keyring automatically.
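
To make the stack semantics behind that answer concrete, here is an added toy model of how Linux-PAM walks the posted gdm and system-auth auth stacks. It is not code from pam_keyring, thinkfinger, Linux-PAM or this bug: the control-flag rules are a simplified reading of pam.conf(5), and the module behaviours, prompt strings, the sample REAL_PASSWORD and the helper names login() and keyring_unlockable() are assumptions chosen to reproduce the prompt sequences the reporter describes. What it shows is that a matching swipe at the `sufficient pam_thinkfinger.so` line returns success before pam_unix ever runs, so no PAM_AUTHTOK is left for pam_keyring's session phase.

```python
"""Toy model of Linux-PAM auth-stack evaluation (added illustration only,
not code from pam_keyring, thinkfinger or Linux-PAM).

Simplified control-flag rules from pam.conf(5):
  required   failure is remembered, the stack continues, final result fails
  requisite  failure returns immediately
  sufficient success returns immediately unless a 'required' already failed
  optional   result is ignored
Module behaviour below is assumed, modelled on the prompts in the report.
"""
from dataclasses import dataclass, field
from typing import List, Optional

REAL_PASSWORD = "correct-horse"   # constructed sample login password


@dataclass
class Ctx:
    """Per-login state shared between modules (PAM_AUTHTOK, prompts shown)."""
    uid: int
    typed_password: Optional[str] = None   # what the user types at any password prompt
    swipes_finger: bool = False            # True if a matching finger is swiped
    authtok: Optional[str] = None          # PAM_AUTHTOK, None until a module sets it
    prompts: List[str] = field(default_factory=list)


# --- module models (assumed behaviour) ---------------------------------------
def pam_env(ctx):
    return True

def pam_keyring(ctx):
    # try_first_pass: reuse an existing PAM_AUTHTOK, otherwise prompt for one.
    if ctx.authtok is None:
        ctx.prompts.append("Password:")
        if ctx.typed_password:             # just hitting Enter leaves no token
            ctx.authtok = ctx.typed_password
    return ctx.authtok is not None

def pam_thinkfinger(ctx):
    ctx.prompts.append("Enter password or swipe finger")
    if ctx.swipes_finger:
        return True                        # success with no password anywhere
    if ctx.typed_password:
        ctx.authtok = ctx.typed_password   # hand a typed password on to pam_unix
    return False

def pam_unix(ctx):
    # try_first_pass: only prompt if no earlier module set PAM_AUTHTOK.
    if ctx.authtok is None:
        ctx.prompts.append("Password:")
        ctx.authtok = ctx.typed_password
    return ctx.authtok == REAL_PASSWORD

def pam_succeed_if_uid_ge_500(ctx):
    return ctx.uid >= 500

def pam_deny(ctx):
    return False


def run_auth(stack, ctx):
    """Walk one auth stack of (control, module) pairs; return True on success."""
    required_failed = False
    for control, module in stack:
        ok = module(ctx)
        if control == "sufficient":
            if ok and not required_failed:
                return True                # done: later modules never run
        elif control == "requisite":
            if not ok:
                return False               # die: stop immediately
        elif control == "required":
            if not ok:
                required_failed = True     # remember, but keep walking
        elif control != "optional":
            raise ValueError(f"unknown control flag {control!r}")
    return not required_failed


# The posted stacks, with 'auth include system-auth' flattened in place.
SYSTEM_AUTH = [
    ("required", pam_env),
    ("sufficient", pam_thinkfinger),
    ("sufficient", pam_unix),
    ("requisite", pam_succeed_if_uid_ge_500),
    ("required", pam_deny),
]
GDM_AUTH = [("required", pam_env), ("optional", pam_keyring)] + SYSTEM_AUTH
GDM_AUTH_NO_KEYRING = [("required", pam_env)] + SYSTEM_AUTH


def login(stack, uid=500, typed_password=None, swipes_finger=False):
    """Return (authenticated, PAM_AUTHTOK left for later phases, prompts shown)."""
    ctx = Ctx(uid=uid, typed_password=typed_password, swipes_finger=swipes_finger)
    return run_auth(stack, ctx), ctx.authtok, ctx.prompts


def keyring_unlockable(authtok):
    """pam_keyring's session phase can only unlock the default keyring with the login password."""
    return authtok == REAL_PASSWORD


if __name__ == "__main__":
    for name, stack, kw in [
        ("gdm, swipe finger", GDM_AUTH, dict(typed_password="", swipes_finger=True)),
        ("gdm, type password", GDM_AUTH, dict(typed_password=REAL_PASSWORD)),
        ("gdm without pam_keyring, swipe", GDM_AUTH_NO_KEYRING, dict(swipes_finger=True)),
    ]:
        ok, tok, prompts = login(stack, **kw)
        print(f"{name}: auth={ok} prompts={prompts} keyring unlockable={keyring_unlockable(tok)}")
```

Run as a script it prints the three cases from the report: with the pam_keyring line in gdm, the swipe path shows "Password:" (pam_keyring prompting because no token exists yet) and then the thinkfinger prompt, authenticates, and leaves no token, so the keyring stays locked; typing the real password at the first prompt leaves a token that the keyring can use; commenting the pam_keyring line removes only the first prompt and changes nothing about the missing token.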