Bug 351411 - nm-applet repeatedly requests to unlock default keyring for WPA Enterprise [NEEDINFO]
nm-applet repeatedly requests to unlock default keyring for WPA Enterprise
Product: Fedora
Classification: Fedora
Component: gnome-keyring (Show other bugs)
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Tomáš Bžatek
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2007-10-24 17:43 EDT by Casey Goodlett
Modified: 2018-04-11 02:57 EDT (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-07-14 12:33:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
dcbw: needinfo? (alexl)

Attachments (Terms of Use)

  None (edit)
Description Casey Goodlett 2007-10-24 17:43:49 EDT
Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 Casey Goodlett 2007-10-24 17:47:50 EDT
Description of problem:

Trying to connect to a WPA enterprise with TTLS/PAP using NetworkManager.  After
entering the certificate, username, and password and clicking connect the
keyring dialog pops up requesting for nm-applet to unlock the default keyring. 
After entering the correct password and clicking ok, the same unlock dialog

Version-Release number of selected component (if applicable):


How reproducible:
Every time

Steps to Reproduce:
1. Select WPA Enterprise network in NetworkManager
2. Enter information
3. Type password to unlock keyring

Actual results:
dialog to unlock keyring reappears

Expected results:
keyring is unlocked
Comment 2 Dan Williams 2007-10-25 07:09:43 EDT
Could you try svn3020 when it hits rawhide?  It's unlikely earlier versions
would work correctly with certificates, which caused NM to ask for the
configuration a lot (because it would fail to connect).
Comment 3 Casey Goodlett 2007-10-25 14:19:31 EDT
The problem continues with svn3020.  Just to clarify its the gnome-keyring
dialog which reappears not the NM configuration dialog.
Comment 4 Adam Huffman 2007-10-29 15:29:08 EDT
I'm seeing this with svn3030, albeit with WPA PSK, not Enterprise.

In fact, if I click on Deny, authentication seems to proceed anyway,
Comment 5 Rodd Clarkson 2007-10-29 21:46:49 EDT
Alright, I don't think this is NM, I think this is gnome-keyring.

I'm assuming you've set up a new WPA connection and after entering the
passphrase, you've been prompted for the gnome-keyring password to store
the passphrase.

Since you can't enter the password for the keyring, you'll be prompted
for the WPA passphrase again next time you connect.

I'm having the same problem in evolution.  I've set up a IMAP account
for my gmail account and I have to retype the password each time I
restart evolution, because I can't store the imap password in the
keyring since gnome-keyring won't accept my keyring password.  I can
unlock items in the keyring using the keyring password (like my NM WPA
information) but not store anything.

So to confirm, I'm seeing the same issue, but when trying to store a password in
the keyring for evolution.
Comment 6 Casey Goodlett 2007-10-30 00:18:45 EDT
I agree that this is probably a gnome-keyring issue now.  I just noticed that an
additional keyring login.keyring was created.  Deleting the login.keyring
removed the problem for me.  I think it was being used as the default keyring
instead of default.keyring.
Comment 7 Dan Williams 2007-10-31 18:38:23 EDT
Over to alex then; jrb also reports that clearing the keyring fixes it too.  Is
this fixed to your satisfaction alex?
Comment 8 Matěj Cepl 2007-11-26 16:56:55 EST
Just to note, that removing login.keyring helped me.
Comment 9 Rodd Clarkson 2007-11-28 22:36:16 EST
This is the second time I've had login.keyring 'created' for me and then had to
remove it to resolve these sorts of issues.  Should this be files as a separate bug?
Comment 10 Casey Goodlett 2008-01-29 15:33:18 EST
I just noticed that I can consistently reproduce creation of login.keyring by
locking and unlocking the screen with gnome-screensaver.  The following line is
created in /var/log/secure when I do this.

Jan 29 13:30:08 localhost gnome-screensaver-dialog: gkr-pam: created 'login' keyring
Comment 11 Casey Goodlett 2008-02-11 18:12:35 EST
In a further test locking the screen and then entering an incorrect password is
what results in the creation of login.keyring .  If I lock and unlock with the
correct password the problem does not occur, but if I enter the wrong password
and then the correct password login.keyring is created.
Comment 12 Simon Goodall 2008-05-13 04:59:29 EDT
I'm having the same problem with extra keyring files being created. My default
keyring is "login" and I get a new keyring file called login1.keyring created.
I've had this problem in both F8 and current rawhide.
Comment 13 David Juran 2008-05-13 07:55:52 EDT
Is this issue related to bug 250147? And why is it in NEEDINFO from alexl when
Alex is not even subscribed to it?
Comment 14 Rodd Clarkson 2008-05-13 23:16:06 EDT
This has re-occurred for me too recently.
Comment 15 Bug Zapper 2008-05-13 23:43:32 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
Comment 16 Brennan Ashton 2008-06-07 21:12:16 EDT
Reporter, could you please reply to the previous question? If you won't reply in
one month, I will have to close this bug as INSUFFICIENT_DATA. Thank you.
Comment 17 Adam Huffman 2008-06-08 17:11:27 EDT
I'm not the original reporter but I'm still seeing this on F9, particularly
after resuming from suspend to RAM.
Comment 18 Rodd Clarkson 2008-06-08 19:18:06 EDT
In a related way, NM still seems to want to create a new keyring when I connect
to new APs.  This creates a second keyring, and resulting confusion over which
keyring is being used.

Why can't NM just use the existing keyring?
Comment 19 Dan Williams 2008-06-09 13:49:53 EDT
It uses the 'default' keyring by passing NULL as the keyring argument for calls
like gnome_keyring_item_create().  The argument explanation for that argument is:

"The name of the keyring in which to create the item, or NULL for the default

Right now, the applet doesn't do anything special to select a keyring, it simply
always uses whatever the gnome-keyring's idea of the 'default' keyring is.

I think there are some issues between the normal keyring and the 'login'
keyring, it's apparently a tossup which one gets used and sometimes you get keys
in one keyring but not the other keyring.  I haven't looked into this yet.

But the applet _code_ hasn't changed in this respect since the beginning of
time, so the behavioral changes that ask you for a different keyring than your
defualt keyring (ie, the login keyring) are outside of the applet and probably
caused by the 'login' keyring stuff that hit F8 and F9.
Comment 20 Bug Zapper 2009-06-09 19:07:09 EDT
This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 9.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '9'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 9's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 9 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
Comment 21 Bug Zapper 2009-07-14 12:33:39 EDT
Fedora 9 changed to end-of-life (EOL) status on 2009-07-10. Fedora 9 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.