Johnny Chadda .se

Does not work.
Did all above steps, here is my GDM:
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_env.so readenv=1
auth required pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth optional pam_gnome_keyring.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_limits.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional pam_gnome_keyring.so auto_start
@include common-password
auth optional pam_keyring.so try_first_pass
session optional pam_keyring.so
@include common-pamkeyring

Reboot (autologin), get the same annoying window again. Too annoying, booting Windows.

Just forget about unlocking automatically default keyring if you are using fingerprint authorization on login.

Automatic unlocking relays on capturing password you typed in. :(

https://bugs.launchpad.net/gnome-keyring/+bug/2...

Too bad! Hopefully it will be fixed in an upcoming release. (if it's at all possible)

this works!!! i have intrepid and I really needed this and couldn't find it anywhere

the advice in https://help.ubuntu.com/community/NetworkManager gave me infinite authentication error dialogs

I'm glad it worked out for you!

Works great in Fedora 8 too, just install the module using this command:
yum install pam_keyring
and edit the config file as above.

Thanks!

Hi, I've tried that in Hardy.
The package to install is libpam-gnome-keyring.
However, it still requires the password to unlock keyring.
I do login with by means of fingerprint reader.
Please help...
Thanks!

Any word on this for guesy (7.10)?

[quote comment="47760"]I am setting up 10 machines with ubuntu at an office and they don't want to have to type any passwords when starting the computer. I am using auto-login and I have tried the fix on this page to get past the keyring manager but it doesn't work for auto-login.

all the passwords are just set to "password". is there some way that I can put the actual password directly into the configuration file so that the keyring always knows it. security is not an issue and the password will never change[/quote]
Not sure to be honest, but perhaps adding "@include common-pamkeyring" to /etc/pam.d/gdm-autologin and reset the keyrings could help.

Gutsy comes with this automatically, but I am not sure if it works with passwordless logins.

I am setting up 10 machines with ubuntu at an office and they don't want to have to type any passwords when starting the computer. I am using auto-login and I have tried the fix on this page to get past the keyring manager but it doesn't work for auto-login.

all the passwords are just set to "password". is there some way that I can put the actual password directly into the configuration file so that the keyring always knows it. security is not an issue and the password will never change

[quote comment="43717"]Whoops - I wrote too soon. The "unlock keyring" prompt for an autologin user seems to be bypassed only after some user has already unlocked the keyring.[/quote]
Yes, perhaps it's best to not use auto-login? A simple password could perhaps be an alternative.

Is the keyring for the auto-login user without a password? Otherwise it will not work.

[quote comment="43716"][quote comment="43706"]That worked - putting "@include common-pamkeyring" in /etc/pam.d/gdm-autologin did give my no-password user wireless access without having to enter a password to unlock the keyring. Thanks![/quote]
Great! Thanks for sharing the information.[/quote]
Whoops - I wrote too soon. The "unlock keyring" prompt for an autologin user seems to be bypassed only after some user has already unlocked the keyring.

Here is how I tested it:
Immediately after booting my laptop, logging in as the autologin user triggered the "unlock keyring" prompt, even after adding "@include common-pamkeyring" to /etc/pam.d/gdm-autologin. I entered the keyring password and was connected to the wireless network. I then logged off, logged in again as the autologin user, and did NOT get the "unlock keyring" prompt. Likewise, if I booted the laptop, logged in as a passworded user (who automatically unlocked the keyring because "@include common-pamkeyring" in in /etc/pam.d/gdm), logged off, and logged in as the autologin user, I did NOT get the "unlock keyring" prompt.

Seems a bit odd that the system remembers whether the keyring was unlocked after the user who unlocked it has logged off - but maybe that's why they call it "common" (like "shared"?). Anyway, I wish I could just add users to a group to indicate who should get automatic access to my wireless network.

[quote comment="43706"]That worked - putting "@include common-pamkeyring" in /etc/pam.d/gdm-autologin did give my no-password user wireless access without having to enter a password to unlock the keyring. Thanks![/quote]
Great! Thanks for sharing the information.

[quote comment="21669"][quote comment="21666"]Only it does not work when one uses autologin - which means that the users who would want this the most (i.e. those who are too lazy to even log in - for example, me) cannot use it. I contacted the developer so I hope this gets fixed.[/quote]
I have never used autologin, but try adding this to /etc/pam.d/gdm-autologin instead:
@include common-pamkeyring[/quote]
That worked - putting "@include common-pamkeyring" in /etc/pam.d/gdm-autologin did give my no-password user wireless access without having to enter a password to unlock the keyring. Thanks!

[quote comment="30768"]1. Edit using the text editor? I tried that but I can't save because I don't have permissions on that file.

2. In the second part, after 'pass' do you hit the enter key or a space to continue typing?

3. Are there any special little characters that I need to enter in that second part? Prefix or something?[/quote]
Do as Scott pointed out and write this instead:

@include common-pamkeyring

To edit the file in the Gnome text editor, open a terminal and write gksudo gedit /etc/pam.d/gdm and it should open up the file as the root user. Just add the above line to the bottom, save and you should be all set.

Good luck.

Hi,
I'm new to linux so please hear me out.

I have three question about the above information.

When you say

Edit /etc/pam.d/gdm and add the following in the bottom:

auth optional pam_keyring.so try_first_pass
session optional pam_keyring.so

1. Edit using the text editor? I tried that but I can't save because I don't have permissions on that file.

2. In the second part, after 'pass' do you hit the enter key or a space to continue typing?

3. Are there any special little characters that I need to enter in that second part? Prefix or something?

Thanks again.

Miguel

[quote comment="29877"]Thanks Johnny and commenters! This was really winding me up. It does seem mad to be prompted for a password just after entering your login/password.[/quote]
Great that you found it useful. The Ubuntu people should probably have done this by default, or at least given users the option when using the keyring for the first time.

Thanks Johnny and commenters! This was really winding me up. It does seem mad to be prompted for a password just after entering your login/password.

[quote comment="29231"]I've tried that, and I still have to enter the keyring password every time I boot up. But I'm also using kdm to log in (instead of gdm) because I use KDE about 75% of the time. Could that be the problem, and if it is, how can I fix the keyring password problem for my situation?[/quote]
Yes, kdm is the problem. Add it to the /etc/pam.d/kdm file instead.

Note that this will only work using the Gnome keyring, and not the one in Kde.

I've tried that, and I still have to enter the keyring password every time I boot up. But I'm also using kdm to log in (instead of gdm) because I use KDE about 75% of the time. Could that be the problem, and if it is, how can I fix the keyring password problem for my situation?

[quote comment="27063"]After installing libpam_keyring I cant log in to gnome at all, but I can go to command line and work from there.

Do you have any suggestions?[/quote]
Well, I'm guessing you replaced the entries in the /etc/pam.d/gdm file with @include common-pamkeyring, but you must only append it to the already existing lines.

Hi there-
I tried this out, and was quite excited. I installed and edited the gdm file, and logged out, preparing for a satisfying log-in. Only to find that I could no longer log in.

After installing libpam_keyring I cant log in to gnome at all, but I can go to command line and work from there.


Do you have any suggestions?

[quote comment="22065"]Doesn't this mean you are using the same plaintext password for both your login as well as keyring? Otherwise how would this work?[/quote]
Well, yes. The password isn't stored anywhere on the system though. pam-keyring just passes on the authentication to the Gnome Keyring daemon. Read more at the website of libpam-keyring

I guess you could argue that it would not be a good security practice to use the same password, but that is one security trade-off I am willing to do for the sake of usability. You could always lock the keyring manually if you don't have a habit of locking your computer when you are not there.

Doesn't this mean you are using the same plaintext password for both your login as well as keyring? Otherwise how would this work?

[quote comment="21666"]Only it does not work when one uses autologin - which means that the users who would want this the most (i.e. those who are too lazy to even log in - for example, me) cannot use it. I contacted the developer so I hope this gets fixed.[/quote]
I have never used autologin, but try adding this to /etc/pam.d/gdm-autologin instead:
@include common-pamkeyring

Only it does not work when one uses autologin - which means that the users who would want this the most (i.e. those who are too lazy to even log in - for example, me) cannot use it. I contacted the developer so I hope this gets fixed.

[quote comment="19192"]It's better to follow the README.Debian instructions and instead append the following to the end of /etc/pam.d/gdm:

@include common-pamkeyring[/quote]
Good call, I'll try it out. Thanks!

It's better to follow the README.Debian instructions and instead append the following to the end of /etc/pam.d/gdm:

@include common-pamkeyring

I think it should be the default in Feisty. So I reported a bug :
https://bugs.launchpad.net/ubuntu/ source/gnome-keyring/ bug/87070

[quote comment="18834"]Hi,

I really agree that wireless in Feisty rocks hard!

One comment: The example dialouge box on your page that asks about password for "default keyring". I was wondering if a different wording might be better. I am not really sure that I understand what a keyring is, and I am even less sure that someone new to Linux would. Do you think there could be a more user friendly wording?

Keep up the good work :)[/quote]
Well yes, that specific dialog is not from the network manager since that doesn't show up anymore. I just used another one laying around, but you are right, I should have been more clear.

Regarding the keyring, it is basically an encrypted storage for your password. You can view it in the Keyring manager found in the Control center.

Thanks!

Hi,

I really agree that wireless in Feisty rocks hard!

One comment: The example dialouge box on your page that asks about password for "default keyring". I was wondering if a different wording might be better. I am not really sure that I understand what a keyring is, and I am even less sure that someone new to Linux would. Do you think there could be a more user friendly wording?

Keep up the good work :)

[quote comment="18828"]Oh the pain, the pain! Why can't this be in Edgy?

Time to go backport hunting.[/quote]
Just two months left until the Feisty release, so if you don't want to run beta software just hang in there.

Oh the pain, the pain! Why can't this be in Edgy?

Time to go backport hunting.