Bug 1919365

Summary: gnome-keyring-daemon fails in remote sessions started via VNC or XDMCP
Product: Red Hat Enterprise Linux 8 Reporter: Carlos Santos <casantos>
Component: gnome-keyringAssignee: David King <dking>
Status: NEW --- QA Contact: Desktop QE <desktop-qa-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.3CC: dking, modehnal, vikpatil
Target Milestone: rcFlags: casantos: needinfo? (dking)
casantos: needinfo? (dking)
Target Release: 8.0   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
/varlog/messages snippet for the VNC scenario
none
/varlog/messages snippet for the VNC + xinetd + XDMCP scenario
none
/varlog/messages snippet for the XDMCP scenario
none
/etc/xdg/autostart/gnome-keyring-replace.desktop workaround none

Description Carlos Santos 2021-01-22 16:40:07 UTC
Created attachment 1749827 [details]
/varlog/messages snippet for the VNC scenario

Description of problem:

gnome-keyring-daemon fails to lock the keyring in GNOME sessions started from
a remote display, either via VNC or XDMCP 

Version-Release number of selected component (if applicable):

gnome-keyring-pam-3.28.2-1.el8.x86_64
gnome-keyring-3.28.2-1.el8.x86_64
seahorse-3.20.0-9.el8.x86_64 (for tests)

How reproducible:

Always

Steps to Reproduce:
1. Configure remote access via VNC and/or XDMCP, following the instructions in
   at least one of these documents:

   - How do I setup VNC based on xinetd with XDMCP for GDM?
     https://access.redhat.com/solutions/2516

   - How to configure a RHEL to allow remote access to GDM via XDMCP?
     https://access.redhat.com/solutions/2736

   - Are there any changes to the default vncserver configuration in RHEL8.3?
     https://access.redhat.com/solutions/5544351

   Notice that the three access methods can be configured simultaneously on
   the same machine.
   
2. Start the VNC session or log in via GDM

3. Open the "Passwords and Keys" application (seahorse) a "Login" tab should
   appear.

Actual results:

The the "Login" does not appear.

Expected results:

The the "Login" does not appear in searhorse.

Additional info:

Attaching /var/log/messages snippets corresponding to the three scenarios.

The problem can be partially circumvented by adding an autostart file at
/etc/xdg/autostart/gnome-keyring-replace.desktop that replaces the running
daemon but it does not automatically unlock the keyring, since there is no
secure way to provide the user password.

Comment 1 Carlos Santos 2021-01-22 16:41:23 UTC
Created attachment 1749829 [details]
/varlog/messages snippet for the VNC + xinetd + XDMCP scenario

Comment 2 Carlos Santos 2021-01-22 16:42:03 UTC
Created attachment 1749830 [details]
/varlog/messages snippet for the XDMCP scenario

Comment 3 Carlos Santos 2021-01-22 16:43:42 UTC
Created attachment 1749831 [details]
/etc/xdg/autostart/gnome-keyring-replace.desktop workaround

Comment 4 Michal Odehnal 2021-01-26 12:07:52 UTC
I am able to reproduce this, workaround also works.