Summary: | pam_keyring-0.0.8 fails to work with gnome-keyring-0.6.0 | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Fredrik Blom <fhm.blom> |
Component: | Current packages | Assignee: | Olivier Crete (RETIRED) <tester> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | follettoonip, jklawiter, marek, olaf, pam-bugs+disabled, rdalek1967, srrijkers |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
pam_keyring-0.0.8-sigchild_dfl.patch
pam_keyring-0.0.8-compat.patch |
Description
Fredrik Blom
2007-01-29 10:17:49 UTC
Same here. I tried changing the order of entries in /etc/pam.d/gdm, but that does not help. Created attachment 111213 [details, diff]
pam_keyring-0.0.8-sigchild_dfl.patch
Applying this patch from Debian fixes it for me (it seems to have to do with gdm). It needs a modified version of pam_keyring-0.0.8-fixes.patch because of duplication between the patches.
Created attachment 111214 [details, diff]
pam_keyring-0.0.8-compat.patch
Modified version of fixes patch which I renamed to better reflect its content.
(In reply to comment #3) > Created an attachment (id=111214) [edit] > pam_keyring-0.0.8-compat.patch > > Modified version of fixes patch which I renamed to better reflect its content. > Seems to work just fine now. Nice. :) Patches seems to work correctly here too. The only problem is that now I have to enter password to gdm _twice_ . After some googling I found this one ( http://www.ee.surrey.ac.uk/Personal/R.Peel/observations.html ) which solved this issue too. In short you have to modify a pam.d/ file (system-auth) to let gdm ask you your pass only once. Maybe that file could be installed with modifications already in. (In reply to comment #5) This did not happen for me, so perhaps it is due to a different issue? (In reply to comment #6) It could be, but I don't think so. That gdm issue appeared only after I installed pam_keyring with patches in this bug. Before, with the portage one, it just asked pass once but it didnt' work. (In reply to comment #7) > (In reply to comment #6) > > It could be, but I don't think so. That gdm issue appeared only after I > installed pam_keyring with patches in this bug. Before, with the portage one, > it just asked pass once but it didnt' work. > I don't have that problem myself. Could you post your /etc/pam.d/{system-auth,gdm} so I can compare my files with yours? nip @ Lebowsky ~ $ cat /etc/pam.d/gdm #%PAM-1.0 auth optional pam_env.so auth optional pam_keyring.so try_first_pass auth include system-auth auth required pam_nologin.so account include system-auth password include system-auth session include system-auth session optional pam_console.so session optional pam_keyring.so onip @ Lebowsky ~ $ cat /etc/pam.d/system-auth #%PAM-1.0 auth required pam_env.so auth sufficient pam_unix.so likeauth try_first_pass nullok auth required pam_deny.so account required pam_unix.so password required pam_cracklib.so try_first_pass difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so try_first_pass nullok md5 shadow use_authtok password required pam_deny.so session required pam_limits.so session required pam_unix.so Here they are. In last file I've just added some try_first_pass where you see them. Sorry for the late response Sorry for the bugspam, but could the package maintainer perhaps have a look at this? It has been two months since I posted the patches that fix this. The version currently in portage does not seem to work without them. I've run into the same problem: pam_keyring writes in the ``/var/log/messages`` file: gdm[6566]: pam_keyring: gdm: pam_keyring: gnome-keyring-daemon failed to start correctly, exit code: 0 (which is funny enough, because it always fails with exit code 0) Setting the "Hardware" field to "All" would be good, as it does not work on amd64 properly as well. So I replaced ``pam_keyring-0.0.8-fixes.patch`` by the ``pam_keyring-0.0.8-compat.patch`` and added ``pam_keyring-0.0.8-sigchild_dfl.patch``, re-emerged and it works. Partly. GDM asks me twice for a password but this is some setting that has to be done in ``/etc/pam.d/system-auth``. Adding a note in a README file would be nice, though. I'll try to contact the maintainer (I think it's tester <http://www.tester.ca/>) to find a nice solution. (In reply to comment #5) > Patches seems to work correctly here too. The only problem is that now I have > to enter password to gdm _twice_ . > > After some googling I found this one ( > http://www.ee.surrey.ac.uk/Personal/R.Peel/observations.html ) which solved > this issue too. > > In short you have to modify a pam.d/ file (system-auth) to let gdm ask you your > pass only once. This issue is resolved in pam-0.99.8.1-r1 (which was unmasked recently) which already ships a `system-auth` file which works properly. The older version, pam-0.78-r5 had this problem. So the only problem now are the outdated patches. Could some Gentoo developer please add them to the portage tree, as there are numerous people (including me) who have tried them successfully. fyi, this package is going away soon, the pam module has been integrated into gnome-keyring 2.20 Happy to hear that! After all, it's just a logical thing to do :) But could you still update the current ebuild? I hope it's not that much work and it will probably stabilize faster than GNOME 2.20, so it could be still useful to people who don't use Gentoo ~arch. Thanks a lot, tester! Update: GNOME 2.20 hit stable today, and it contains gnome-keyring which provides `pam_gnome_keyring.so`. So I unmerged pam_keyring, removed all of its configuration in `/etc/pam.d/gdm` and added the configuration for GNOME PAM keyring in `/etc/pam.d/system-auth` taken from <http://planet.gentoo.org/developers/remi/2007/10/29/gnome_s_cool_features_gnome_keyring_aamp> If boils down to these lines: auth optional pam_gnome_keyring.so password optional pam_gnome_keyring.so session optional pam_gnome_keyring.so auto_start It works great, even better than before, so `sys-auth/pam_keyring` can now be safely removed from the without any problems. This bug can now be closed. its masked.. use gnome-base/gnome-keyring |