You're viewing a single post. I have much more to say! The main blog page is a good starting point.

Password hell, part II

Tuesday, August 22, 2006 ★ 13:06 ★ Categories Gnome, Linux

It works: single sign-on in GDM with both ssh keys and Gnome keyring! See below for more information.

This is an update on my previous article about the password hell.

Several people have pointed me at pam-keyring. I’ve built and installed this package and included the necessary lines in /etc/pam.d/gdm, but it doesn’t seem to do anything on login (no keyring environment variables are set, no output in log files). On logout, these lines are logged to /var/log/auth.log:

pam_keyring: received order to close session
pam_keyring: could not retrieve gnome-keyring-deamon PID

I’ve done an initial Debian package of pam-keyring. I’m not familiar with Debian packaging (I’m just a happy user) so I’m not planning to maintain or support it. Please contact me if you want my debian/ directory which builds and installs the package correctly.

If anyone can be of some help, that would be greatly appreciated.

Btw, it seems the NetworkManager guys are also aware of the problem. They seem to take a different approach, though (system-wide configuration): Bug 331529 has more information.

Update: If I change an if statement in the code to if(1) it seems to work, but only when using “su – uws” (this uses /etc/pam.d/su). GDM and ssh logins (/etc/pam.d/gdm or /etc/pam.d/ssh, respectively) still don’t work…

Update 2: I’ve fiddled somewhat with my pam files and now it works (after a GDM restart). I’ve put the pam-gnome-keyring inclusions in the pam files before the pam-ssh inclusions and I tried some other stuff as well (such as rm -rf /tmp/keyring*), but I don’t remember exactly what I did…

Update 3: One of the Debian NetworkManager maintainers asked for the debian/ directory of my initial package. I hope apt-get install libpam-gnome-keyring will be working soon…