FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Desktop

 
 
LinkBack Thread Tools
 
Old 11-30-2007, 03:38 PM
Matthias Clasen
 
Default automatic unlocking of keyring

As some may remember, we turned automatic unlocking of
keyrings at login time off at a late time in the F8 schedule,
since it was not working properly with our pam configuration.

pam has meanwhile gained a new feature that will hopefully
allow this to work reliably (substack). I have built
gdm-2.21.2-0.2007.11.20.4.fc9 and gnome-keyring-2.20.2-2.fc9
in rawhide with this turned on.

Please try it and tell me if it works for you.


Matthias

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
 
Old 11-30-2007, 04:10 PM
David Nielsen
 
Default automatic unlocking of keyring

fre, 30 11 2007 kl. 11:38 -0500, skrev Matthias Clasen:
> As some may remember, we turned automatic unlocking of
> keyrings at login time off at a late time in the F8 schedule,
> since it was not working properly with our pam configuration.
>
> pam has meanwhile gained a new feature that will hopefully
> allow this to work reliably (substack). I have built
> gdm-2.21.2-0.2007.11.20.4.fc9 and gnome-keyring-2.20.2-2.fc9
> in rawhide with this turned on.
>
> Please try it and tell me if it works for you.

Works for me on my Rawhide x86_64 box. Excellent I was getting tired of
unlocking that thing manually to get connected to the wifi on lock in.

- David
--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
 
Old 11-30-2007, 07:32 PM
Jon Nettleton
 
Default automatic unlocking of keyring

On Fri, 2007-11-30 at 18:10 +0100, David Nielsen wrote:
> fre, 30 11 2007 kl. 11:38 -0500, skrev Matthias Clasen:
> > As some may remember, we turned automatic unlocking of
> > keyrings at login time off at a late time in the F8 schedule,
> > since it was not working properly with our pam configuration.
> >
> > pam has meanwhile gained a new feature that will hopefully
> > allow this to work reliably (substack). I have built
> > gdm-2.21.2-0.2007.11.20.4.fc9 and gnome-keyring-2.20.2-2.fc9
> > in rawhide with this turned on.
> >
> > Please try it and tell me if it works for you.
>
> Works for me on my Rawhide x86_64 box. Excellent I was getting tired of
> unlocking that thing manually to get connected to the wifi on lock in.
>

This is great news. If things look good I vote for pushing this to our
F8 users. I will test it on F8 and report back.

Jon

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
 
Old 11-30-2007, 07:56 PM
Matthias Clasen
 
Default automatic unlocking of keyring

On Fri, 2007-11-30 at 15:32 -0500, Jon Nettleton wrote:
> On Fri, 2007-11-30 at 18:10 +0100, David NielI dsen wrote:
> > fre, 30 11 2007 kl. 11:38 -0500, skrev Matthias Clasen:
> > > As some may remember, we turned automatic unlocking of
> > > keyrings at login time off at a late time in the F8 schedule,
> > > since it was not working properly with our pam configuration.
> > >
> > > pam has meanwhile gained a new feature that will hopefully
> > > allow this to work reliably (substack). I have built
> > > gdm-2.21.2-0.2007.11.20.4.fc9 and gnome-keyring-2.20.2-2.fc9
> > > in rawhide with this turned on.
> > >
> > > Please try it and tell me if it works for you.
> >
> > Works for me on my Rawhide x86_64 box. Excellent I was getting tired of
> > unlocking that thing manually to get connected to the wifi on lock in.
> >
>
> This is great news. If things look good I vote for pushing this to our
> F8 users. I will test it on F8 and report back.

It'll have to wait for substack support in the F8 pam, though.
I don't know what Tomas' plans are for that. Tomas ?

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
 
Old 11-30-2007, 08:25 PM
David Zeuthen
 
Default automatic unlocking of keyring

On Fri, 2007-11-30 at 11:38 -0500, Matthias Clasen wrote:
> As some may remember, we turned automatic unlocking of
> keyrings at login time off at a late time in the F8 schedule,
> since it was not working properly with our pam configuration.
>
> pam has meanwhile gained a new feature that will hopefully
> allow this to work reliably (substack). I have built
> gdm-2.21.2-0.2007.11.20.4.fc9 and gnome-keyring-2.20.2-2.fc9
> in rawhide with this turned on.
>
> Please try it and tell me if it works for you.

Nice work. Almost there:

 1. Logging in via fingerprint auth; doesn't work.. but that's expected

2. Logging in via password; unlocking keyring works fine

3. Change password

4. Logging in via password; doesn't unlock keyring

5. Change back to old password

 6. Logging in via password; unlocking keyring works fine

So I think you're missing the bit where the keyring password is updated.

HTH,
David


--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
 
Old 11-30-2007, 08:43 PM
Matthias Clasen
 
Default automatic unlocking of keyring

On Fri, 2007-11-30 at 16:25 -0500, David Zeuthen wrote:
> On Fri, 2007-11-30 at 11:38 -0500, Matthias Clasen wrote:
> > As some may remember, we turned automatic unlocking of
> > keyrings at login time off at a late time in the F8 schedule,
> > since it was not working properly with our pam configuration.
> >
> > pam has meanwhile gained a new feature that will hopefully
> > allow this to work reliably (substack). I have built
> > gdm-2.21.2-0.2007.11.20.4.fc9 and gnome-keyring-2.20.2-2.fc9
> > in rawhide with this turned on.
> >
> > Please try it and tell me if it works for you.
>
> Nice work. Almost there:
>
>  1. Logging in via fingerprint auth; doesn't work.. but that's expected

That'll work once you engrave your password on your fingertip, I guess.

> 2. Logging in via password; unlocking keyring works fine
>
> 3. Change password
>
> 4. Logging in via password; doesn't unlock keyring

This would work if we added gnome-keyring support to /etc/pam.d/passwd.
The bug against authconfig to do that is still open:

https://bugzilla.redhat.com/show_bug.cgi?id=250147






--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
 
Old 11-30-2007, 11:33 PM
Bastien Nocera
 
Default automatic unlocking of keyring

On Fri, 2007-11-30 at 16:43 -0500, Matthias Clasen wrote:
> On Fri, 2007-11-30 at 16:25 -0500, David Zeuthen wrote:
<snip>
> >  1. Logging in via fingerprint auth; doesn't work.. but that's expected
>
> That'll work once you engrave your password on your fingertip, I guess.

Or have the password updated in the fingerprint blob...

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
 
Old 11-30-2007, 11:51 PM
Jon Nettleton
 
Default automatic unlocking of keyring

On Sat, 2007-12-01 at 00:33 +0000, Bastien Nocera wrote:
> On Fri, 2007-11-30 at 16:43 -0500, Matthias Clasen wrote:
> > On Fri, 2007-11-30 at 16:25 -0500, David Zeuthen wrote:
> <snip>
> > >  1. Logging in via fingerprint auth; doesn't work.. but that's expected
> >
> > That'll work once you engrave your password on your fingertip, I guess.
>
> Or have the password updated in the fingerprint blob...
>
That is how it was addressed when I first took over pam_keyring.
Pam_bio_api (relying on unix permissions for secrecy) had an embedded
pass-phrase in the BIR. This allowed their pam-module to authenticate
on finger-print scan then populate the AUTHTOKEN of the pam stack with
the passphrase and pass it along to other pam modules. Could be
implemented better, but has the correct idea.

Jon

--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
 
Old 12-16-2007, 12:26 AM
Thomas M Steenholdt
 
Default automatic unlocking of keyring

Matthias Clasen wrote:

As some may remember, we turned automatic unlocking of
keyrings at login time off at a late time in the F8 schedule,
since it was not working properly with our pam configuration.

pam has meanwhile gained a new feature that will hopefully
allow this to work reliably (substack). I have built
gdm-2.21.2-0.2007.11.20.4.fc9 and gnome-keyring-2.20.2-2.fc9

in rawhide with this turned on.

Please try it and tell me if it works for you.


Matthias



This is actually working for me on F8 using:

gdm-2.20.2-2.fc8 and gnome-keyring-2.20.2-1.fc8

The only thing I think I changed was to move pam_gnome_keyring.so above
the system-auth line in /etc/pam.d/gdm.


If this is not supposed to work, what am I missing? I definitely unlocks
the keyring for nm_applet, evolution and various server connections.


/Thomas


--
Fedora-desktop-list mailing list
Fedora-desktop-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-desktop-list
 

Thread Tools




All times are GMT. The time now is 07:30 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org