Bug 238741 - pam_keyring doesn't unlock the keyring
pam_keyring doesn't unlock the keyring
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: pam_keyring (Show other bugs)
8
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Denis Leroy
Fedora Extras Quality Assurance
: Reopened
: 244256 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-05-02 14:48 EDT by Guillaume Kulakowski
Modified: 2007-12-03 05:28 EST (History)
8 users (show)

See Also:
Fixed In Version: 0.0.9-1.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-12-03 05:28:31 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Guillaume Kulakowski 2007-05-02 14:48:20 EDT
Description of problem:
pam_keyrink doesn't unlock my gnome-keyring. The configuration is right and work
on fedora 6 (same session & keyring password, /etc/pam.d/gdm configuration).


Version-Release number of selected component (if applicable):
llaumgui@defiant ~> uname -r
2.6.21-1.3116.fc7
llaumgui@defiant~i> rpm -qa | grep keyring
gnome-keyring-0.8-1.fc7
gnome-keyring-manager-2.18.0-1.fc7
pam_keyring-0.0.8-3.fc6
gnome-keyring-devel-0.8-1.fc7


How reproducible:
Create keyring with same passeword than your session. Configure /etc/pam.d/gdm
like that :
#%PAM-1.0
auth       required    pam_env.so
auth       optional    pam_keyring.so try_first_pass
auth       include     system-auth
account    required    pam_nologin.so
account    include     system-auth
password   include     system-auth
session    optional    pam_keyinit.so force revoke
session    include     system-auth
session    required    pam_loginuid.so
session    optional    pam_console.so
session    optional    pam_keyring.so


Actual results:
2 keyring daemon :
llaumgui@defiant /mnt/divers1/llaumgui> ps aux | grep keyring
llaumgui  2357  0.0  0.0   2772   880 ?        S    20:20   0:00
/usr/bin/gnome-keyring-daemon
llaumgui  2467  0.0  0.1   2768  1028 ?        S    20:20   0:00
/usr/bin/gnome-keyring-daemon
llaumgui  3175  0.0  0.0   3972   528 pts/0    R+   20:33   0:00 grep keyring

A keyring lock and a message in /var/log/secure :
May  2 20:20:29 defiant gdm[2322]: pam_keyring(gdm:auth): pam_keyring: starting
gnome-keyring-daemon
May  2 20:20:29 defiant gdm[2322]: pam_keyring(gdm:auth): pam_keyring:
gnome-keyring-daemon failed to start correctly, exit code: 0


Additional info:
Comment 1 Denis Leroy 2007-05-05 08:49:53 EDT
sorry for the delay in looking at this, but my right hand is in a cast and
that's slowed down my fedora work considerably...
Comment 2 Jon Nettleton 2007-05-05 08:54:08 EDT
I know about the bug.  I have the fix, just need to get the next version rolled
out.  It will be ready for Fedora 7 definitely.
Comment 3 Denis Leroy 2007-05-05 10:08:58 EDT
Jon, could you send me a patch (if possible) ? I'll roll it into the fc7 RPM for
testing. thx :-)

Comment 4 Steve Hill 2007-05-23 15:04:06 EDT
I'm running the latest rawhide on an x86_64 and this bug still seems to be
present.  Is there a work around?
Comment 5 Simon Goodall 2007-06-10 12:32:03 EDT
Did that patch make it into F7? I'm having these problems on my F7 install.
Comment 6 Jon Nettleton 2007-06-10 12:43:03 EDT
new version coming out later today should fix this issue.  Been sick, which
limited my hacking this last week.
Comment 7 Jon Nettleton 2007-06-13 23:29:55 EDT
Sorry about the delay, I kind of got caught up in things.  This isn't an
official release, but it will fix the Fedora 7 compatibility.  I have %98 of the
pam_chauthtok stuff done, just need to iron out a couple of more bugs.  This
should satiate the masses temporarily.

http://www.hekanetworks.com/~jnettlet/pam-keyring/pam_keyring-0.0.9.tar.gz
Comment 8 Denis Leroy 2007-06-14 15:16:15 EDT
*** Bug 244256 has been marked as a duplicate of this bug. ***
Comment 9 Fedora Update System 2007-06-19 17:35:47 EDT
pam_keyring-0.0.9-1.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Matthew Saltzman 2007-06-19 22:10:21 EDT
Tried it once, and it worked fine.  I'll report back if I find any issues,
otherwise, thanks!
Comment 11 Denis Leroy 2007-06-20 04:16:03 EDT
Great
Comment 12 Guillaume Kulakowski 2007-06-20 04:35:18 EDT
Test on 4 Fedora 7 i386 : all is OK.

llaumgui@enterprise ~> ps aux | grep keyring
llaumgui  2679  0.0  0.0   2776   784 ?        S    08:21   0:00
/usr/bin/gnome-keyring-daemon
llaumgui  6794  0.0  0.0   4036   752 pts/2    R+   10:34   0:00 grep keyring
Comment 13 Mike McGuire 2007-06-26 04:18:53 EDT
Jon,

The new pam_keyring works fine, thanks.  BUT with "automatic login" enabled, you
need to manually input the "default keyring" password.  Is there a work around??

Thanks...
Comment 14 Fedora Update System 2007-07-05 15:16:49 EDT
pam_keyring-0.0.9-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Guillaume Kulakowski 2007-09-28 03:42:44 EDT
I Reopen this bug for Fedora 8 T2...
Comment 16 morgan read 2007-10-23 17:55:38 EDT
This for f7

From the "Package Details"
"The pam_keyring module allows GNOME users to automatically unlock their default
keyring using their system password when they log in..."

v0.7 from
http://www.hekanetworks.com/index.php/publisher/articleview/frmArticleID/25/staticId/31/
worked fine for me on fc5

I went to install v0.8 on my new install of f7 only to find v0.9 was already
installed, but apparently not working else I wouldn't have bothered to try and
install from
http://www.hekanetworks.com/index.php/publisher/articleview/frmArticleID/25/staticId/31/

/etc/pam.d/gdm appeared not configured for pam_keyring (another bug report
coming on) so I configured as per hekanetworks page and also pam_keyring man
page: pam_keyring still not working - have to re-sign-in to gnome keyring for
NetworkManager every time I log in.

So, are there any quirks to getting this f7 v0.9 pam_keyring working?
Comment 17 morgan read 2007-10-23 18:32:15 EDT
I just tried v0.8 from hekanetworks and that fails too
Comment 18 W. Michael Petullo 2007-10-23 23:00:51 EDT
The functionality of pam_keyring is now in gnome-keyring-pam. This package is
maintained as a part of GNOME. I recommend using that implementation instead.
Comment 19 Matthew Saltzman 2007-10-23 23:24:11 EDT
(In reply to comment #18)
> The functionality of pam_keyring is now in gnome-keyring-pam. This package is
> maintained as a part of GNOME. I recommend using that implementation instead.

...at least once it's working...

Comment 20 Denis Leroy 2007-12-02 18:52:35 EST
Works on F-8. Is this still an issue on F-7 ?
Comment 21 Matthew Saltzman 2007-12-02 19:41:44 EST
I'm still being prompted separately on login for a keyring password in F8.  Is
there something I need to do to configure gnome-keyring-pam?  (Both machines
that I'm currently using keys on are now F8.)
Comment 22 Denis Leroy 2007-12-02 19:48:53 EST
Are you using gnome-keyring-pam or pam_keyring ? F-8 has gnome-keyring-pam setup
by default now, but it's known not to work:

https://bugzilla.redhat.com/show_bug.cgi?id=356931

pam_keyring works for me, but you have to install it AND set it up manually by
editing /etc/pam.d/gdm.
Comment 23 Matthew Saltzman 2007-12-02 20:13:16 EST
I'm now using gnome-keyring-pam on F8 on both machines that have keys.  Before
upgrading, I had pam_keyring and it was working.

This was my /etc/pamd./gdm file:

#%PAM-1.0
auth       required    pam_env.so
auth       optional    pam_keyring.so try_first_pass
# auth       sufficient  pam_unix.so likeauth nullok
auth       include     system-auth
account    required    pam_nologin.so
account    include     system-auth
password   include     system-auth
session    optional    pam_keyinit.so force revoke
session    include     system-auth
session    required    pam_loginuid.so
session    optional    pam_console.so
session    optional    pam_keyring.so
Comment 24 Denis Leroy 2007-12-03 05:28:31 EST
Closing as WORKSFORME. Feel free to reopen if still having issue with
pam_keyring on F-7 or F-8. Make sure to use a correct /etc/pam.d/gdm file, such
as Matt's above.

Note You need to log in before you can comment on or make changes to this bug.