I simply could not get the ldap based login via pam_ldap.so combined with the automatic unlock of my keyring via sys-auth/pambase[gnome-keyring].
It might be worth writing some documentation about this as it should be interesting for other users too.
this is something the gnome team would deal with, so we'd need to know what to put in our guide.
but my first guess is that you have something screwed up on your system; this sounds like a bug, as i haven't had any such issues. might want to check the forums.
gnome team: any ideas?
also, unless we're folding it into an existing guide like the Gnome doc, this is something that would better fit on the gentoo wiki, wiki.gentoo.org, which the gdp does not control. you're free to write something there, if you wish. :)
I had (currently disabled) a ldap based + automatic gnome-keyring unlock setup and it worked perfectly fine. To figure out your problem, you'd have to explain your exact setup + pam files + what passwords are stored where and which you're using to login.
Created attachment 298607
So this is what I did. Initially the setup was without ldap based authentication and the unlocking went fine. I followed what was written in the ldap guide (http://www.gentoo.org/doc/en/ldap-howto.xml) to add the ldap support. Basic login with a ldap account is fine. But neither for the ldap nor for the local account the keyring unlock works. Please find attached the system-auth.
I am not a pam expert, but could it be that the "sufficient" blocks the "optional" rules?
sys-auth/pambase-20101024-r1[consolekit cracklib gnome-keyring sha512]
sys-libs/pam-1.1.5[berkdb cracklib elibc_glibc nls]
I removed the ldap support and the unlock works again.
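The question above about "sufficient" and "optional" can be checked against the documented Linux-PAM control semantics. The following is an added example, not part of the bug report and not written by any of its participants: a simplified model of how a stack is walked. Both stacks are constructed for illustration and are not the attached system-auth; `run_stack` and the stack names are hypothetical.

```python
# Simplified model of Linux-PAM control handling (see pam.conf(5)): required,
# requisite, sufficient, optional and the [success=N default=ignore] jump form.

def run_stack(stack, outcome):
    """Return (authenticated, modules actually called); outcome: module -> True."""
    called, failed, succeeded, skip = [], False, False, 0
    for control, module in stack:
        if skip:                      # jumped over by an earlier success=N
            skip -= 1
            continue
        called.append(module)
        ok = outcome.get(module, False)
        if control == "sufficient":
            if ok and not failed:     # stack ends here, later lines never run
                return True, called
        elif control == "requisite":
            if not ok:
                return False, called
            succeeded = True
        elif control == "required":
            failed = failed or not ok
            succeeded = succeeded or ok
        elif control.startswith("success="):
            if ok:
                skip = int(control.split("=")[1])
                succeeded = True
        # "optional": result ignored while other modules decide the outcome
    return succeeded and not failed, called

# Constructed stack in the sufficient/sufficient/deny style, keyring line last.
SUFFICIENT_STYLE = [
    ("sufficient", "pam_unix.so"),
    ("sufficient", "pam_ldap.so"),
    ("required",   "pam_deny.so"),
    ("optional",   "pam_gnome_keyring.so"),
]
# Constructed alternative using jumps so that successful logins fall through.
JUMP_STYLE = [
    ("success=2", "pam_unix.so"),     # [success=2 default=ignore]
    ("success=1", "pam_ldap.so"),     # [success=1 default=ignore]
    ("requisite", "pam_deny.so"),
    ("required",  "pam_permit.so"),
    ("optional",  "pam_gnome_keyring.so"),
]
LOCAL_USER = {"pam_unix.so": True, "pam_permit.so": True}   # constructed results
LDAP_USER = {"pam_ldap.so": True, "pam_permit.so": True}    # constructed results

if __name__ == "__main__":
    for stack in (SUFFICIENT_STYLE, JUMP_STYLE):
        print(run_stack(stack, LOCAL_USER), run_stack(stack, LDAP_USER))
```

In the first stack a successful `sufficient` module ends the walk for both the local and the LDAP account, so a keyring line placed after it is never reached; in the jump form both accounts fall through to it.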
What is the status of this with Gnome 3.8 and updated system?
Can't test it anymore, because I needed to drop G3.8 from that machine.
Would be nice to try with 3.8 if possible since the keyring/unlocking stuff changed a lot since 2.32 (looks like finally is working ok on all the machines I maintain ;))
Sadly I don't run gnome on that box anymore, so I cannot test it.