This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours

Bug 312531

Summary: auto-unlock doesn't seem to work
Product: [Fedora] Fedora Reporter: Thomas J. Baker <tjb>
Component: gnome-keyringAssignee: Tomáš Bžatek <tbzatek>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 8CC: amlau, bbaetz, belegdol, cra, denis, eric.tanguy, erik-fedora, james.brown, milan.slanar, redhat-bugzilla, rlocke, tim, tsmetana, zcerza
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-01-09 02:17:23 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 235703, 356931    

Description Thomas J. Baker 2007-09-29 15:26:07 EDT
The auto unlocking gnome keyring stuff is not working well for me. I get
prompted every time I start evolution for the 'default' keyring password with
the option of automatically unlocking it at login, which I always check. Half of
my passwords are stored in the 'default' keyring and half are in the 'login'
keyring. Assuming that a bold name in gnome-keyring-manager denotes what it
thinks is the default keyring, then the login keyring is the default one. I get
prompted for the password to the 'default' keyring which then means the one
named default, and I also get prompted for the default keyring, which ends up
being the login one. The only difference in the prompting dialogs is the quoting.

The password to the login keyring is the same as my unix one. The password to my
default keyring is different. Do all three need to be the same to work? Also, is
this supposed to work for an NIS setup? My laptop is a local account but my work
one is NIS. The auto unlocking keyring stuff doesn't work anywhere.

I don't know if some of this is related to the fact that you still can't log out
correctly so things may not get saved.

This is on an up to date 9/29 rawhide system.
Comment 1 Matthias Clasen 2007-10-03 12:12:30 EDT
We have debugged the problem at length today, and found that there are 2 problems:

1) The pam configuration needs changes to enable gnome-keyring to do what it
needs to do. This requires authconfig changes that are outlinedin bug 250147

2) With the authconfig changes in place, it works selinux disabled. When selinux
is enabled, it prevents the pam module (running in gdm context) from talking to
the daemon (running in the session) via the socket. The proposed fix for this is
to start the daemon in a way that lets it unlock the keyring, ie pass the
username/password at start - probably not via cmdline though, since that would
make it show up in /proc for everyone to read)
Comment 2 Alexander Larsson 2007-10-05 05:30:24 EDT
gnome-keyring-2.20-4.fc8 has a fix for the selinux problem.
Now we just need to fix authconfig.
Comment 3 Carl Becker 2007-10-14 14:01:53 EDT
I have the exact same problem with the network manager.
It always asks for the keyring unlock to get the wpa string with an option to do
this in the futur when I log in automaticaly. I always place the tick but it
never works.
This is still an issue with gnome-keyring-2.20-6.fc8 and authconfig-5.3.18-1.fc8.
Comment 4 Matthias Clasen 2007-10-15 15:54:44 EDT
I have turned the auto-unlock checkboxes off now, until we have the necessary
pam setup changes.
Comment 5 Julian Sikorski 2007-10-15 16:14:38 EDT
I can't see the checkbox here at all... How to create the login keyring?
Comment 6 Jonathan Underwood 2007-12-02 19:20:59 EST
(In reply to comment #4)
> I have turned the auto-unlock checkboxes off now, until we have the necessary
> pam setup changes.

Did this remain off when F-8 shipped? BZ #356931 seems to be manifesting this
problem. Is there any chance of pushing an update which unbreaks this situation?
Comment 7 Jonathan Underwood 2007-12-02 19:59:05 EST
Re-opening this bug as the no-autounlock  patch is still in the SRPM, and
reassigning to F-8. Any chance of pushing an update with this fixed for F-8?
Comment 8 Jonathan Underwood 2008-01-20 18:50:30 EST
Since there is a fix for the authconfig issue in BZ #250147 and the SElinux
issue is resolved, what is preventing pushing an updated package for F8 to give
functional gnome-pam-keyring?
Comment 9 James G. Brown III 2008-04-06 22:48:29 EDT
Any update on this? If there is anything I can do to help please advise. 

- James
Comment 10 Bug Zapper 2008-11-26 02:53:05 EST
This message is a reminder that Fedora 8 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 8.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '8'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 8's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 8 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 11 Tim Niemueller 2008-11-27 07:34:17 EST
As far as I can see this is working now in F-10 and in F-9 for some time. So this bug can probably be closed now.
Comment 12 Bug Zapper 2009-01-09 02:17:23 EST
Fedora 8 changed to end-of-life (EOL) status on 2009-01-07. Fedora 8 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.