FS#55950 - [lightdm] [gnome-keyring] Keyring not unlocked on initial autologin - works on subsequent sessions
Attached to Project:
Arch Linux
Opened by Adam Hirst (aphirst) - Wednesday, 11 October 2017, 13:00 GMT
Last edited by Maxime Gauduin (Alucryd) - Thursday, 22 September 2022, 15:56 GMT
Opened by Adam Hirst (aphirst) - Wednesday, 11 October 2017, 13:00 GMT
Last edited by Maxime Gauduin (Alucryd) - Thursday, 22 September 2022, 15:56 GMT
|
Details
Description:
I've already mentioned this on IRC and in the forums (https://bbs.archlinux.org/viewtopic.php?id=230762) but haven't gotten much feedback. Basically, I followed the instructions on the LightDM ArchWiki page to set my user account to autologin, and set up a gnome-keyring for e.g. SSH, GPG keys. No matter what I first tried, I couldn't get the keyring to automatically unlock. However, I eventually noticed that the keyring DID unlock after logging out, then logging back in through lightdm (manually, with my account password). Furthermore, this is with the keyring password set to my account password, not blank (which contradicts statements on the wiki, insisting that the password be blank when not using GNOME). Additional info: * package version(s) lightdm 1:1.22.0-1 lightdm-gtk-greeter 1:2.0.2-1 lightdm-gtk-greeter-settings 1.2.1-5 openbox 3.6.1-3 gnome-keyring 1:3.20.0+57+g9db67ef6-1 libgnome-keyring 3.12.0-2 * config and/or log files etc. Other than making the requisite changes to lightdm.conf to enable autologin (and adding my user account to the autologin group) there isn't really anything to speak of, other than ~/.pam_environment: SSH_AGENT_PID DEFAULT= SSH_AUTH_SOCK DEFAULT="${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh" which pertains to GPG support. I have the exact same issue on 2 machines, one of which is a fresh Arch installation. I'll reproduce the issue again on both machines later, and try to work out which logs are relevant, and post them. Steps to reproduce: * use LightDM with the GTK-Greeter, enable the lightdm service * set up an account for autologin * set up a keyring with either no password or the user password, named "Login" (marked as the 'default' keyring) * clean boot, automatic login is successful, but keyring is locked * log out of openbox session, log in via lightdm with password * keyring is now unlocked |
This task depends upon
Closed by Maxime Gauduin (Alucryd)
Thursday, 22 September 2022, 15:56 GMT
Reason for closing: No response
Thursday, 22 September 2022, 15:56 GMT
Reason for closing: No response
The password is passed to gnome-keyring trough PAM. If you don't enter your password there's no way to unlock your keyring on login. GDM has the same issue and also needs manual unlock.
When you logout and do a manual login, you provide the password, it passes the PAM system and gnome-keyring becomes unlocked.
From LightDM:
Note: GNOME users, and by extension any gnome-keyring user will have to set up a blank password to their keyring for it to be unlocked automatically.
From gnome-keyring:
(Without a display manager)
If you are using automatic login, then you can disable the keyring manager by setting a blank password on the login keyring.
(With a display manager)
The following display managers automatically unlock the keyring once you log in: GDM, SLiM, LightDM, LXDM
---
I'll note that, at least last time I checked, I got this "won't unlock on boot, but will when re-logging-in" behaviour with the keyring password being EITHER my login password OR blank, but I'll go double-check that now.