FS#55950 - [lightdm] [gnome-keyring] Keyring not unlocked on initial autologin - works on subsequent sessions

Attached to Project: Arch Linux
Opened by Adam Hirst (aphirst) - Wednesday, 11 October 2017, 13:00 GMT
Last edited by Maxime Gauduin (Alucryd) - Thursday, 22 September 2022, 15:56 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Maxime Gauduin (Alucryd)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:
I've already mentioned this on IRC and in the forums (https://bbs.archlinux.org/viewtopic.php?id=230762) but haven't gotten much feedback.

Basically, I followed the instructions on the LightDM ArchWiki page to set my user account to autologin, and set up a gnome-keyring for e.g. SSH, GPG keys. No matter what I first tried, I couldn't get the keyring to automatically unlock.

However, I eventually noticed that the keyring DID unlock after logging out, then logging back in through lightdm (manually, with my account password). Furthermore, this is with the keyring password set to my account password, not blank (which contradicts statements on the wiki, insisting that the password be blank when not using GNOME).

Additional info:
* package version(s)

lightdm 1:1.22.0-1
lightdm-gtk-greeter 1:2.0.2-1
lightdm-gtk-greeter-settings 1.2.1-5

openbox 3.6.1-3

gnome-keyring 1:3.20.0+57+g9db67ef6-1
libgnome-keyring 3.12.0-2


* config and/or log files etc.
Other than making the requisite changes to lightdm.conf to enable autologin (and adding my user account to the autologin group) there isn't really anything to speak of, other than ~/.pam_environment:

SSH_AGENT_PID DEFAULT=
SSH_AUTH_SOCK DEFAULT="${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh"

which pertains to GPG support. I have the exact same issue on 2 machines, one of which is a fresh Arch installation.

I'll reproduce the issue again on both machines later, and try to work out which logs are relevant, and post them.


Steps to reproduce:
* use LightDM with the GTK-Greeter, enable the lightdm service
* set up an account for autologin
* set up a keyring with either no password or the user password, named "Login" (marked as the 'default' keyring)
* clean boot, automatic login is successful, but keyring is locked
* log out of openbox session, log in via lightdm with password
* keyring is now unlocked
This task depends upon

Closed by  Maxime Gauduin (Alucryd)
Thursday, 22 September 2022, 15:56 GMT
Reason for closing:  No response
Comment by Jan de Groot (JGC) - Wednesday, 11 October 2017, 13:52 GMT
This simply won't work.

The password is passed to gnome-keyring trough PAM. If you don't enter your password there's no way to unlock your keyring on login. GDM has the same issue and also needs manual unlock.

When you logout and do a manual login, you provide the password, it passes the PAM system and gnome-keyring becomes unlocked.
Comment by Adam Hirst (aphirst) - Wednesday, 11 October 2017, 15:17 GMT
I see. The Wiki pages on LightDM and gnome-keyring gave me the strong impression that this would be possible.

From LightDM:
Note: GNOME users, and by extension any gnome-keyring user will have to set up a blank password to their keyring for it to be unlocked automatically.

From gnome-keyring:
(Without a display manager)
If you are using automatic login, then you can disable the keyring manager by setting a blank password on the login keyring.

(With a display manager)
The following display managers automatically unlock the keyring once you log in: GDM, SLiM, LightDM, LXDM

---

I'll note that, at least last time I checked, I got this "won't unlock on boot, but will when re-logging-in" behaviour with the keyring password being EITHER my login password OR blank, but I'll go double-check that now.
Comment by Adam Hirst (aphirst) - Wednesday, 11 October 2017, 15:22 GMT
OK, I just unset the password (i.e. set it to blank), and confirm the same behaviour I described. The keyring opens gladly in seahorse with a single click, so I wonder why lightdm refuses to unlock it in this instance.
Comment by Maxime Gauduin (Alucryd) - Tuesday, 06 September 2022, 14:24 GMT
Is this still happening?

Loading...