Bug 345977 - gnome-base/gdm: broken pamd file causes sys-auth/pambase[ssh] not to allow unlocking
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] GNOME
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Linux Gnome Desktop Team
Reported: 2010-11-18 13:59 UTC by Justin Lecher (RETIRED)
Modified: 2013-07-27 10:11 UTC
Description Justin Lecher (RETIRED) gentoo-dev 2010-11-18 13:59:55 UTC
Some recent update broke the pam based unlocking of the keyring:

sys-auth/pambase-20101024 consolekit cracklib gnome-keyring sha512 ssh -debug -kerberos -minimal -mktemp -passwdqc -selinux
sys-libs/pam-1.1.3 berkdb cracklib elibc_glibc nls -audit -debug -elibc_FreeBSD -selinux -test -vim-syntax
gnome-base/libgnome-keyring-2.30.1
gnome-base/gnome-keyring-2.30.3 pam -debug -doc -test
app-crypt/seahorse-2.30.1 ldap libnotify -avahi -debug -doc -test
app-crypt/seahorse-plugins-2.30.1-r1 applet libnotify -debug -gedit -nautilus -test

cat /etc/pam.d/gdm
#%PAM-1.0
auth       optional		pam_env.so
auth       include		system-login
auth       required		pam_nologin.so
auth		  optional     pam_gnome_keyring.so

account    include		system-login

password   include		system-login

session    include		system-auth
session    optional		pam_gnome_keyring.so auto_start



$ einfo
Portage 2.1.9.24 (default/linux/amd64/10.0, gcc-4.5.1-asneeded, glibc-2.12.1-r3, 2.6.35-gentoo-r12 x86_64)
=================================================================
System uname: Linux-2.6.35-gentoo-r12-x86_64-Intel-R-_Core-TM-_i7_CPU_860_@_2.80GHz-with-gentoo-2.0.1
Timestamp of tree: Thu, 18 Nov 2010 11:15:02 +0000
distcc 3.1 x86_64-pc-linux-gnu [disabled]
ccache version 2.4 [enabled]
app-shells/bash:     4.1_p7
dev-java/java-config: 2.1.11-r1
dev-lang/python:     2.6.6-r1, 3.1.2-r4
dev-util/ccache:     2.4-r8
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 2.0.1-r1
sys-apps/openrc:     0.6.4
sys-apps/sandbox:    2.3-r1
sys-devel/autoconf:  2.13, 2.68
sys-devel/automake:  1.6.3-r1, 1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.5.1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.4
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.35 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=core2 -frecord-gcc-switches -mssse3 -mcx16 -mmmx -msse4 -g -Wall -Wimplicit-function-declaration -Wmissing-include-dirs"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/nano/ /usr/share/openvpn/easy-rsa /var/lib/hsqldb /var/spool/torque"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -pipe -march=core2 -frecord-gcc-switches -mssse3 -mcx16 -mmmx -msse4 -g -Wall -Wmissing-include-dirs -Wenum-compare"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="-t --jobs=12 --load-average=12 --keep-going"
FEATURES="assume-digests binpkg-logs buildsyspkg ccache collision-protect distlocks fixlafiles fixpackages news noinfo parallel-fetch protect-owned sandbox sfperms sign split-log splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-O2 -pipe -march=core2 -frecord-gcc-switches -mssse3 -mcx16 -mmmx -msse4 -g -Wall"
GENTOO_MIRRORS=" 	http://gentoo.j-schmitz.net/mirror/ 	ftp://ftp.gentoo.mesh-solutions.com/gentoo/ 	ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo 	ftp://ftp.tu-clausthal.de/pub/linux/gentoo/"
LANG="en_GB.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-O1,--hash-style=gnu,--sort-common"
LINGUAS="en"
MAKEOPTS="-j12 -l12"
PKGDIR="/usr/portage/packages"
PORTAGE_COMPRESS="lzma"
PORTAGE_COMPRESS_FLAGS="-z -9 -f -S .lzma -v"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/science /data/local/sunrise/sunrise /data/local/sunrise/reviewed /data/local/dummy /data/local/last-hope"
SYNC="rsync://rsync.j-schmitz.net/gentoo-portage"
USE="64bit 7zip X acpi additions alsa amd64 arpwarp bash-completion berkdb branding bzip2 c++ cairo cblas ccache cleartype cli command-args corefonts cracklib cups cupsddk custom-optimization cxx dbus dri dts exif fbcondecor fortran gdbm gif glibc-omitfp gmp gnome gnome-keyring gpm graphics gstreamer gtk hddtemp iconv icu java javascript jpeg kqemu lapack lcms ldap libnotify libsexy lm_sensors lzma mailtrain md5sum mmx modules mp3 mudflap multilib multiuser nagios-dns nagios-ntp nagios-ping nagios-ssh nano-syntax ncurses network-cron nis nls nptl nptlonly nsplugin objc objc++ opengl openmp openntpd pam pcre pdf perl png pppd pymol python qt-static qt3support readline rrdcgi rrdtool science sensord session smp sqlite sqlite3 sse sse2 ssl startup-notification svg sysfs system-sqlite tcpd threads tiff truetype type1 unicode x264 xcb xcomposite xinerama xorg xulrunner zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" PHP_TARGETS="php5-2" 
QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Justin Lecher (RETIRED) gentoo-dev 2010-11-18 14:02:09 UTC
Diego, could this be a pam problem?
Comment 2 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-11-18 14:13:01 UTC
Could, but:

 a) does it fail to unlock with gdm or with login(1)?
 b) do you have the same password set for both?
 c) what do you use for logging in, standard password or ssh key?
 d) please don't CC me directly, there is an alias, even though it only has two devs on it.
Comment 3 Justin Lecher (RETIRED) gentoo-dev 2010-11-18 14:32:16 UTC
(In reply to comment #2)
> Could, but:
> 
>  a) does it fail to unlock with gdm or with login(1)?

How can I test this? Log in to a virtual console? There it seems to work.

>  b) do you have the same password set for both?

They are the same. I rechecked that.

>  c) what do you use for logging in, standard password or ssh key?

I use standard login. I didn't change it.

>  d) please don't CC me directly, there is an alias, even though it only has two
> devs on it.
> 

Sorry for that. I wasn't aware that you are not the only pam dev.
Comment 4 Justin Lecher (RETIRED) gentoo-dev 2010-11-18 14:34:32 UTC
(In reply to comment #2)
> Could, but:
> 
>  a) does it fail to unlock with gdm or with login(1)?
>  b) do you have the same password set for both?
>  c) what do you use for logging in, standard password or ssh key?
But I added USE=ssh lately because I might want to try it. Will test to revert it.
Comment 5 Justin Lecher (RETIRED) gentoo-dev 2010-11-18 14:42:21 UTC
So confirmed, pam[ssh] breaks the unlocking.
Comment 6 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-11-18 14:53:47 UTC
Are you logging in with your normal password or SSH? If the latter, then that's definitely the intended behaviour as you're not using a password acceptable for gnome-keyring…
Comment 7 Justin Lecher (RETIRED) gentoo-dev 2010-11-18 15:26:52 UTC
(In reply to comment #6)
> Are you logging in with your normal password or SSH? If the latter, then that's
> definitely the intended behaviour as you're not using a password acceptable for
> gnome-keyring…
> 

As the passwd are both the same I didn't know. A check with different passwords reveals that I did log in with SSH and not the normal passwords. So using the normal passwd is alright.
Comment 8 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-11-18 15:41:22 UTC
Okay so this happens to be … a GDM bug!

If you look at the pambase way to integrate gnome-keyring, it is applied _before_ the system-auth chain… while GDM applies it _after_ the chain…
Comment 9 Gilles Dartiguelongue (RETIRED) gentoo-dev 2010-11-18 16:00:28 UTC
Could bug #267130 also be related to this?
Comment 10 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-11-18 16:05:33 UTC
Could be… see why I said that GDM should follow pambase and not try to replace it?
Comment 11 Gilles Dartiguelongue (RETIRED) gentoo-dev 2010-11-18 16:23:39 UTC
Yes sure, however, on the weekend I tried to implement what you said in the other bug in gdm-2.32 and results are a bit strange to say the least. But I'll try that again when I've got my (real life) desk ready.
Comment 12 Pacho Ramos gentoo-dev 2010-12-23 19:56:20 UTC
I have no unlocking problems at all with Gnome 2.32 and gdm-2.20.11, with pambase-20101024 (with "pam_ssh" USE flag enabled) and pam_ssh-1.97-r2

Are you still having issues?
Comment 13 Justin Lecher (RETIRED) gentoo-dev 2010-12-24 08:38:44 UTC
(In reply to comment #12)
> I have no unlocking problems at all with Gnome 2.32 and gdm-2.20.11, with
> pambase-20101024 (with "pam_ssh" USE flag enabled) and pam_ssh-1.97-r2
> 
> Are you still having issues?
> 

I tried the same versions as you did and it still fails. All passwords are the same, keyring is set as default. If pam_ssh.so is set to be sufficient for authentication and session, the keyring is not unlocked, otherwise it is. I will try with pam_ssh*-r3.
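The ordering issue from comment 8 and the `sufficient` pam_ssh.so behaviour from comment 13, as an added example that is not part of the bug report or of pambase/GDM: a simplified Python model of Linux-PAM auth-stack evaluation showing which modules get called. The contents of `INCLUDES` are constructed stand-ins for the pambase files (an assumption), and `REORDERED_AUTH`, `flatten` and `modules_invoked` are hypothetical names.

```python
# Simplified model of Linux-PAM "auth" stack evaluation (added example).
# "include" lines are expanded in place, so a successful "sufficient"
# module ends the whole stack, not just the included file.

# The auth lines of /etc/pam.d/gdm as posted in the description.
GDM_AUTH = """\
auth optional pam_env.so
auth include  system-login
auth required pam_nologin.so
auth optional pam_gnome_keyring.so
"""
# Same lines with the keyring module moved ahead of the included chain.
REORDERED_AUTH = """\
auth optional pam_env.so
auth optional pam_gnome_keyring.so
auth include  system-login
auth required pam_nologin.so
"""
# Constructed stand-ins for the included files, NOT copied from pambase.
INCLUDES = {
    "system-login": "auth include system-auth\n",
    "system-auth": "auth sufficient pam_ssh.so\nauth required pam_unix.so\n",
}

def flatten(text, includes):
    """Expand 'include' lines in place, yielding (control, module) pairs."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "auth":
            continue
        if fields[1] == "include":
            yield from flatten(includes[fields[2]], includes)
        else:
            yield fields[1], fields[2]

def modules_invoked(text, includes, succeeds):
    """Return the modules PAM would call, given the set of modules that succeed."""
    invoked, required_failed = [], False
    for control, module in flatten(text, includes):
        invoked.append(module)
        ok = module in succeeds
        if control == "sufficient" and ok and not required_failed:
            break                      # stack returns success immediately
        if control == "requisite" and not ok:
            break                      # stack returns failure immediately
        if control == "required" and not ok:
            required_failed = True     # keep going; final result is failure
    return invoked
```

In this model a pam_ssh success on the posted file stops evaluation before both `pam_nologin.so` and `pam_gnome_keyring.so`; the model tracks only whether a module is called, not what it does with the password.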
Comment 14 Gilles Dartiguelongue (RETIRED) gentoo-dev 2010-12-24 09:46:43 UTC
@gnome, the pam files installed by gdm are broken as hell if you didn't follow the various bug reports with diego. I'll work with him to fix the situation asap.
Comment 15 Pacho Ramos gentoo-dev 2010-12-24 10:29:57 UTC
OK, it also looks like today I am getting keyring problems after rebooting (sorry, I didn't reboot for testing this), will try to drop "pam_ssh" again
Comment 16 Pacho Ramos gentoo-dev 2011-11-22 00:21:11 UTC
I don't think gdm-2 will ever be fixed for pam bugs, maybe you should consider trying gdm-3 :/
Comment 17 Pacho Ramos gentoo-dev 2012-01-30 09:51:34 UTC
What is the status of this with gdm-3?
Comment 18 Pacho Ramos gentoo-dev 2013-07-27 10:11:06 UTC
Please test again with gdm-3.8.3.1; we are using the upstream pam file now. If still broken, we need to find the culprit and report to them also.

Thanks