Bug 1919365

Summary:

gnome-keyring-daemon fails in remote sessions started via VNC or XDMCP

Product:

Red Hat Enterprise Linux 8

Reporter:

Carlos Santos <casantos>

Component:

gnome-keyring

Assignee:

David King <dking>

Status:

NEW ---

QA Contact:

Desktop QE <desktop-qa-list>

Severity:

medium

Docs Contact:

Priority:

medium

Version:

8.3

CC:

dking, modehnal, vikpatil

Target Milestone:

Flags:

casantos: needinfo? (dking)
casantos: needinfo? (dking)

Target Release:

8.0

Hardware:

All

OS:

Linux

Whiteboard:

Fixed In Version:

Doc Type:

If docs needed, set a value

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
/varlog/messages snippet for the VNC scenario	none
/varlog/messages snippet for the VNC + xinetd + XDMCP scenario	none
/varlog/messages snippet for the XDMCP scenario	none
/etc/xdg/autostart/gnome-keyring-replace.desktop workaround	none

Description Carlos Santos 2021-01-22 16:40:07 UTC

Created attachment 1749827 [details]
/varlog/messages snippet for the VNC scenario

Description of problem:

gnome-keyring-daemon fails to lock the keyring in GNOME sessions started from
a remote display, either via VNC or XDMCP 

Version-Release number of selected component (if applicable):

gnome-keyring-pam-3.28.2-1.el8.x86_64
gnome-keyring-3.28.2-1.el8.x86_64
seahorse-3.20.0-9.el8.x86_64 (for tests)

How reproducible:

Always

Steps to Reproduce:
1. Configure remote access via VNC and/or XDMCP, following the instructions in
   at least one of these documents:

   - How do I setup VNC based on xinetd with XDMCP for GDM?
     https://access.redhat.com/solutions/2516

   - How to configure a RHEL to allow remote access to GDM via XDMCP?
     https://access.redhat.com/solutions/2736

   - Are there any changes to the default vncserver configuration in RHEL8.3?
     https://access.redhat.com/solutions/5544351

   Notice that the three access methods can be configured simultaneously on
   the same machine.
   
2. Start the VNC session or log in via GDM

3. Open the "Passwords and Keys" application (seahorse) a "Login" tab should
   appear.

Actual results:

The the "Login" does not appear.

Expected results:

The the "Login" does not appear in searhorse.

Additional info:

Attaching /var/log/messages snippets corresponding to the three scenarios.

The problem can be partially circumvented by adding an autostart file at
/etc/xdg/autostart/gnome-keyring-replace.desktop that replaces the running
daemon but it does not automatically unlock the keyring, since there is no
secure way to provide the user password.

Comment 1 Carlos Santos 2021-01-22 16:41:23 UTC

Created attachment 1749829 [details]
/varlog/messages snippet for the VNC + xinetd + XDMCP scenario

Comment 2 Carlos Santos 2021-01-22 16:42:03 UTC

Created attachment 1749830 [details]
/varlog/messages snippet for the XDMCP scenario

Comment 3 Carlos Santos 2021-01-22 16:43:42 UTC

Created attachment 1749831 [details]
/etc/xdg/autostart/gnome-keyring-replace.desktop workaround

Comment 4 Michal Odehnal 2021-01-26 12:07:52 UTC

I am able to reproduce this, workaround also works.