[Bug 723339] New: login keyring is not created
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c0 Summary: login keyring is not created Classification: openSUSE Product: openSUSE 12.1 Version: Factory Platform: x86-64 OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: GNOME AssignedTo: bnc-team-gnome@forge.provo.novell.com ReportedBy: m.moeller@opensuse.org QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 It would be great if a login keyring would be created, using pam. If so it wouldn't be necessary to re-enter the password on keyring open. Reproducible: Always Steps to Reproduce: 1. login 2. open an application that requires keyring 3. you are asked to create a new keyring Actual Results: keyring does not make use of login credentials Expected Results: there should be a login keyring, making it unnecessary to re-enter the password. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c1 Vincent Untz <vuntz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |vuntz@suse.com InfoProvider| |m.moeller@opensuse.org --- Comment #1 from Vincent Untz <vuntz@suse.com> 2011-10-11 17:11:58 UTC --- It should be created. Are you using autologin? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c2 --- Comment #2 from Marcus Moeller <m.moeller@opensuse.org> 2011-10-11 18:08:13 UTC --- No, I log in manually. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c3 --- Comment #3 from Vincent Untz <vuntz@suse.com> 2011-10-11 21:30:18 UTC --- Hrm. Could it be that you created a keyring once, but not during login (maybe after an initial autologin)? Can you test with a brand new user? Can you also grep your /var/log/messages for gkr-pam and keyring? (I assume you're using GNOME, btw.) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c4 --- Comment #4 from Marcus Moeller <m.moeller@opensuse.org> 2011-10-17 19:21:30 UTC --- I have not created a keyring, manually. And I am using GNOME 3.2, of course ;) I could also reproduce the problem on a fresh install. Maybe the difference is that I have not set up sudo (use this password for the administrator account) during installation. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c5 Vincent Untz <vuntz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- InfoProvider|m.moeller@opensuse.org |coolo@suse.com Summary|login keyring is not |pam configuration broken |created |for gnome-keyring --- Comment #5 from Vincent Untz <vuntz@suse.com> 2011-10-20 07:06:06 UTC --- Okay, we're back with an old issue: gnome-keyring-pam is misconfigured after installation: /etc/pam.d/ has only a partial gnome-keyring configuration as /etc/pam.d/common-auth doesn't contain the pam_gnome_keyring bits. It's worth mentioning that /etc/pam.d/common-session and /etc/pam.d/common-password both contain the pam_gnome_keyring bits, so there is something tweaking the pam configuration without pam-config, and it breaks gnome-keyring. I'm afraid it might be some hack we run on the live images. At least when looking at the pam configuration on a live image, I see the pam_gnome_keyring bits are commented in common-auth, so maybe the installed system inherits that. Coolo, do you know where the pam configuration is tweaked for live systems? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c6 Vincent Untz <vuntz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|coolo@suse.com | --- Comment #6 from Vincent Untz <vuntz@suse.com> 2011-10-20 07:36:19 UTC --- 09:21 < coolo> vuntz: user setup is /usr/share/opensuse-kiwi/live_user_scripts/*.sh 09:21 < coolo> and then there is correct_live_for_reboot and correct_live_install used by live installed Looking at those scripts, they do the right thing. So things get broken by something else. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c7 Vincent Untz <vuntz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |locilka@suse.com --- Comment #7 from Vincent Untz <vuntz@suse.com> 2011-10-20 08:15:15 UTC --- I did several test installs to identify when common-auth is changed. Apparently, this is during the "Save installation settings" step in yast. Lukas: do you know who in the yast team could help me debug this? There's something changing /etc/pam.d/ files during the installation (could be with a call to pam-config, but I doubt so), and I'm unsure how to identify the relevant code. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c8 Lukas Ocilka <locilka@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |locilka@suse.com InfoProvider|locilka@suse.com |jsuchome@suse.com --- Comment #8 from Lukas Ocilka <locilka@suse.com> 2011-10-20 09:31:39 UTC --- Vincent: If there was any change in pam config settings, Jiri should know that as he maintains auth code in YaST. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c9 --- Comment #9 from Vincent Untz <vuntz@suse.com> 2011-10-20 09:55:05 UTC --- (In reply to comment #8)
Vincent: If there was any change in pam config settings, Jiri should know that as he maintains auth code in YaST.
FWIW, I'm not sure if it's a recent change or not: I've heard people having similar issues in 11.3 or 11.4, so it might well be an old issue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c10 Jiří Suchomel <jsuchome@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jsuchome@suse.com InfoProvider|jsuchome@suse.com |vuntz@suse.com --- Comment #10 from Jiří Suchomel <jsuchome@suse.com> 2011-10-20 11:26:41 UTC --- I guess this is bug 697670. The question remains same as there: can you check the modification time of those pam files and attach y2log so we can compare and possible find what has changed them? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c11 --- Comment #11 from Vincent Untz <vuntz@suse.com> 2011-10-20 12:33:52 UTC --- Created an attachment (id=457876) --> (http://bugzilla.novell.com/attachment.cgi?id=457876) y2log from first stage installer -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c Vincent Untz <vuntz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #457876|application/octet-stream |text/plain mime type| | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c12 Vincent Untz <vuntz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|vuntz@suse.com | --- Comment #12 from Vincent Untz <vuntz@suse.com> 2011-10-20 12:36:10 UTC --- All the /etc/pam.d/common-*-pc have this modification time: 15:58:16.748010056 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c13 --- Comment #13 from Vincent Untz <vuntz@suse.com> 2011-10-20 12:40:44 UTC --- So this is the issue: 2011-10-20 15:58:16 <1> linux.site(2481) [YCP] Bootloader.ycp:1535 handleSELinuxPAM called 2011-10-20 15:58:16 <1> linux.site(2481) [YCP] Bootloader.ycp:1543 call disableSELinuxPAM It turns out that this calls pam-config: void disableSELinuxPAM () { string cmd_disable_se = "pam-config -d --selinux 2>/dev/null"; string cmd_enable_aa = "pam-config -a --apparmor 2>/dev/null"; map out = (map) SCR::Execute (.target.bash, cmd_disable_se); y2debug("result of disabling the SELinux PAM module is %1", out); out = (map) SCR::Execute (.target.bash, cmd_enable_aa); y2debug("result of enabling the AppArmor PAM module is %1", out); } And this apparently breaks the hack we have in kiwi-config-openSUSE where we temporarily comment out the pam_gnome_keyring bit in /etc/pam.d/common-auth-pc. Not sure how we should handle that :/ -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c14 Jiří Suchomel <jsuchome@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |coolo@suse.com AssignedTo|bnc-team-gnome@forge.provo. |snwint@suse.com |novell.com | --- Comment #14 from Jiří Suchomel <jsuchome@suse.com> 2011-10-20 12:52:16 UTC --- Wow. I had no idea bootloader code calls pam-config. How can know if the code is wrong or kiwi-config-openSUSE? Coolo? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c15 --- Comment #15 from Steffen Winterfeldt <snwint@suse.com> 2011-10-20 15:32:31 CEST --- That was fate #309275 apparently. Anyway, calling pam-config looks not so forbidden to me. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c17 --- Comment #17 from Vincent Untz <vuntz@suse.com> 2011-10-20 13:55:08 UTC --- I'd say the hack in kiwi-config-openSUSE is not solid enough, so not an issue on yast's side there. I'm trying to figure out how to make the kiwi-config-openSUSE hack more solid, without changing everything. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c18 Steffen Winterfeldt <snwint@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|snwint@suse.com |vuntz@suse.com --- Comment #18 from Steffen Winterfeldt <snwint@suse.com> 2011-10-21 09:03:29 CEST --- thanks -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c19 Vincent Untz <vuntz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED InfoProvider|coolo@suse.com | Resolution| |FIXED --- Comment #19 from Vincent Untz <vuntz@suse.com> 2011-10-21 08:42:31 UTC --- Fix submitted: sr#88934. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=723339 https://bugzilla.novell.com/show_bug.cgi?id=723339#c20 Jiří Suchomel <jsuchome@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |a.vankaam@chello.nl --- Comment #20 from Jiří Suchomel <jsuchome@suse.com> 2011-10-21 08:46:05 UTC --- *** Bug 697670 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=697670 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com