The default /etc/pam.d configuration does not unlock gnome keyring by default. Fix is quite simple. This is how `/etc/pam.d/gdm-password` should look like: ``` account include system-login auth substack system-login auth optional pam_gnome_keyring.so password required pam_deny.so password optional pam_gnome_keyring.so session substack system-login session optional pam_gnome_keyring.so auto_start ``` This adds `password optional pam_gnome_keyring.so`.
Things are working fine for most people after rework already done in pambase as part of bug 652194. You are going to have to explain/reason this more please.
I use `sys-auth/pambase-20150213-r2` and `gdm-3.24.3-r1` I get the same problem. Is the reworked `pambase` already in tree? Note that I modified `/etc/pam.d/gdm-password` which belongs to `gdm` package.
sys-auth/pambase-20150213-r2 is the reworked pambase. Is your keyring password different than login password? If yes, then automatic keyring unlocking is supposed to not work, as you haven't entered the unlock password and it isn't considered secure to just randomly unlock it without having entered the correct password. If they are the same, it can automatically unlock the keyring as well (as you entered it as login password and it worked for keyring unlock too). Is that your real problem here perhaps?
No that's not my case, the two keys are the same. It's also proven by the fact that my solution works. Adding `password optional pam_gnome_keyring.so` in `gdm-password` file is where the login password is supplied to the gnome keyrihg and now it unlocks the gnome keyring. Note: this is a fresh gentoo installation, but I had the same problem on my previous laptop. I have to double check if the rest of the pam modules are the same as in `pambase`. Since I needed to add `pam_mount` maybe I didn't merge the fix in pambase into my `/etc/` files.
pambase files are config protected. Maybe you just hadn't etc-update/dispatch-conf/whatever the fixed pambase updates, as you seem to allude as well. Please make sure you use the new pambase files, and they weren't just in ._cfg000?_*
I checked that I don't have outstanding ._cfg files, I also build the most recent `pambase` module (with `ebuild ... build`) and compared the pam files. Maybe the problem is that even though I have `gnome-keyring` use flag set for `pambase` it's not used: ``` eix -e pambase [I] sys-auth/pambase Available versions: ~*20101024-r2^b 20150213-r1^b 20150213-r2^b {consolekit +cracklib debug elogind gnome-keyring minimal mktemp +nullok pam_krb5 pam_ssh passwdqc securetty selinux +sha512 systemd} Installed versions: 20150213-r2^b(09:33:01 06/12/18)(cracklib nullok sha512 systemd -consolekit -debug -elogind -minimal -mktemp -pam_krb5 -pam_ssh -passwdqc -securetty -selinux) Homepage: https://wiki.gentoo.org/wiki/Project:PAM Description: PAM base configuration files ```
There is no gnome-keyring USE flag anymore in the new pambase revision, as it doesn't have to be conditional anymore (it is setup to be optional and so on, or something, so it applies only if pam_gnome_keyring.so is there from gnome-keyring being installed or something)
Any news/updates on your end on this?
