Bug 238741 - pam_keyring doesn't unlock the keyring
Summary: pam_keyring doesn't unlock the keyring
Status: CLOSED WORKSFORME
Alias: None
Product: Fedora
Classification: Fedora
Component: pam_keyring
Version: 8
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Denis Leroy
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords: Reopened
: 244256 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-05-02 18:48 UTC by Guillaume Kulakowski
Modified: 2007-12-03 10:28 UTC (History)
8 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2007-12-03 10:28:31 UTC


Attachments (Terms of Use)

Description Guillaume Kulakowski 2007-05-02 18:48:20 UTC
Description of problem:
pam_keyrink doesn't unlock my gnome-keyring. The configuration is right and work
on fedora 6 (same session & keyring password, /etc/pam.d/gdm configuration).


Version-Release number of selected component (if applicable):
llaumgui@defiant ~> uname -r
2.6.21-1.3116.fc7
llaumgui@defiant~i> rpm -qa | grep keyring
gnome-keyring-0.8-1.fc7
gnome-keyring-manager-2.18.0-1.fc7
pam_keyring-0.0.8-3.fc6
gnome-keyring-devel-0.8-1.fc7


How reproducible:
Create keyring with same passeword than your session. Configure /etc/pam.d/gdm
like that :
#%PAM-1.0
auth       required    pam_env.so
auth       optional    pam_keyring.so try_first_pass
auth       include     system-auth
account    required    pam_nologin.so
account    include     system-auth
password   include     system-auth
session    optional    pam_keyinit.so force revoke
session    include     system-auth
session    required    pam_loginuid.so
session    optional    pam_console.so
session    optional    pam_keyring.so


Actual results:
2 keyring daemon :
llaumgui@defiant /mnt/divers1/llaumgui> ps aux | grep keyring
llaumgui  2357  0.0  0.0   2772   880 ?        S    20:20   0:00
/usr/bin/gnome-keyring-daemon
llaumgui  2467  0.0  0.1   2768  1028 ?        S    20:20   0:00
/usr/bin/gnome-keyring-daemon
llaumgui  3175  0.0  0.0   3972   528 pts/0    R+   20:33   0:00 grep keyring

A keyring lock and a message in /var/log/secure :
May  2 20:20:29 defiant gdm[2322]: pam_keyring(gdm:auth): pam_keyring: starting
gnome-keyring-daemon
May  2 20:20:29 defiant gdm[2322]: pam_keyring(gdm:auth): pam_keyring:
gnome-keyring-daemon failed to start correctly, exit code: 0


Additional info:

Comment 1 Denis Leroy 2007-05-05 12:49:53 UTC
sorry for the delay in looking at this, but my right hand is in a cast and
that's slowed down my fedora work considerably...


Comment 2 Jon Nettleton 2007-05-05 12:54:08 UTC
I know about the bug.  I have the fix, just need to get the next version rolled
out.  It will be ready for Fedora 7 definitely.

Comment 3 Denis Leroy 2007-05-05 14:08:58 UTC
Jon, could you send me a patch (if possible) ? I'll roll it into the fc7 RPM for
testing. thx :-)



Comment 4 Steve Hill 2007-05-23 19:04:06 UTC
I'm running the latest rawhide on an x86_64 and this bug still seems to be
present.  Is there a work around?

Comment 5 Simon Goodall 2007-06-10 16:32:03 UTC
Did that patch make it into F7? I'm having these problems on my F7 install.

Comment 6 Jon Nettleton 2007-06-10 16:43:03 UTC
new version coming out later today should fix this issue.  Been sick, which
limited my hacking this last week.

Comment 7 Jon Nettleton 2007-06-14 03:29:55 UTC
Sorry about the delay, I kind of got caught up in things.  This isn't an
official release, but it will fix the Fedora 7 compatibility.  I have %98 of the
pam_chauthtok stuff done, just need to iron out a couple of more bugs.  This
should satiate the masses temporarily.

http://www.hekanetworks.com/~jnettlet/pam-keyring/pam_keyring-0.0.9.tar.gz

Comment 8 Denis Leroy 2007-06-14 19:16:15 UTC
*** Bug 244256 has been marked as a duplicate of this bug. ***

Comment 9 Fedora Update System 2007-06-19 21:35:47 UTC
pam_keyring-0.0.9-1.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Matthew Saltzman 2007-06-20 02:10:21 UTC
Tried it once, and it worked fine.  I'll report back if I find any issues,
otherwise, thanks!

Comment 11 Denis Leroy 2007-06-20 08:16:03 UTC
Great

Comment 12 Guillaume Kulakowski 2007-06-20 08:35:18 UTC
Test on 4 Fedora 7 i386 : all is OK.

llaumgui@enterprise ~> ps aux | grep keyring
llaumgui  2679  0.0  0.0   2776   784 ?        S    08:21   0:00
/usr/bin/gnome-keyring-daemon
llaumgui  6794  0.0  0.0   4036   752 pts/2    R+   10:34   0:00 grep keyring


Comment 13 Mike McGuire 2007-06-26 08:18:53 UTC
Jon,

The new pam_keyring works fine, thanks.  BUT with "automatic login" enabled, you
need to manually input the "default keyring" password.  Is there a work around??

Thanks...

Comment 14 Fedora Update System 2007-07-05 19:16:49 UTC
pam_keyring-0.0.9-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Guillaume Kulakowski 2007-09-28 07:42:44 UTC
I Reopen this bug for Fedora 8 T2...

Comment 16 morgan read 2007-10-23 21:55:38 UTC
This for f7

From the "Package Details"
"The pam_keyring module allows GNOME users to automatically unlock their default
keyring using their system password when they log in..."

v0.7 from
http://www.hekanetworks.com/index.php/publisher/articleview/frmArticleID/25/staticId/31/
worked fine for me on fc5

I went to install v0.8 on my new install of f7 only to find v0.9 was already
installed, but apparently not working else I wouldn't have bothered to try and
install from
http://www.hekanetworks.com/index.php/publisher/articleview/frmArticleID/25/staticId/31/

/etc/pam.d/gdm appeared not configured for pam_keyring (another bug report
coming on) so I configured as per hekanetworks page and also pam_keyring man
page: pam_keyring still not working - have to re-sign-in to gnome keyring for
NetworkManager every time I log in.

So, are there any quirks to getting this f7 v0.9 pam_keyring working?

Comment 17 morgan read 2007-10-23 22:32:15 UTC
I just tried v0.8 from hekanetworks and that fails too

Comment 18 W. Michael Petullo 2007-10-24 03:00:51 UTC
The functionality of pam_keyring is now in gnome-keyring-pam. This package is
maintained as a part of GNOME. I recommend using that implementation instead.

Comment 19 Matthew Saltzman 2007-10-24 03:24:11 UTC
(In reply to comment #18)
> The functionality of pam_keyring is now in gnome-keyring-pam. This package is
> maintained as a part of GNOME. I recommend using that implementation instead.

...at least once it's working...



Comment 20 Denis Leroy 2007-12-02 23:52:35 UTC
Works on F-8. Is this still an issue on F-7 ?


Comment 21 Matthew Saltzman 2007-12-03 00:41:44 UTC
I'm still being prompted separately on login for a keyring password in F8.  Is
there something I need to do to configure gnome-keyring-pam?  (Both machines
that I'm currently using keys on are now F8.)

Comment 22 Denis Leroy 2007-12-03 00:48:53 UTC
Are you using gnome-keyring-pam or pam_keyring ? F-8 has gnome-keyring-pam setup
by default now, but it's known not to work:

https://bugzilla.redhat.com/show_bug.cgi?id=356931

pam_keyring works for me, but you have to install it AND set it up manually by
editing /etc/pam.d/gdm.


Comment 23 Matthew Saltzman 2007-12-03 01:13:16 UTC
I'm now using gnome-keyring-pam on F8 on both machines that have keys.  Before
upgrading, I had pam_keyring and it was working.

This was my /etc/pamd./gdm file:

#%PAM-1.0
auth       required    pam_env.so
auth       optional    pam_keyring.so try_first_pass
# auth       sufficient  pam_unix.so likeauth nullok
auth       include     system-auth
account    required    pam_nologin.so
account    include     system-auth
password   include     system-auth
session    optional    pam_keyinit.so force revoke
session    include     system-auth
session    required    pam_loginuid.so
session    optional    pam_console.so
session    optional    pam_keyring.so


Comment 24 Denis Leroy 2007-12-03 10:28:31 UTC
Closing as WORKSFORME. Feel free to reopen if still having issue with
pam_keyring on F-7 or F-8. Make sure to use a correct /etc/pam.d/gdm file, such
as Matt's above.



Note You need to log in before you can comment on or make changes to this bug.