[Bug 383353] New: Forced to enter keyring password even though pam_gnome_keyring is used
https://bugzilla.novell.com/show_bug.cgi?id=383353

           Summary: Forced to enter keyring password even though pam_gnome_keyring is used
           Product: openSUSE 11.0
           Version: Factory
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: GNOME
        AssignedTo: bnc-team-gnome@forge.provo.novell.com
        ReportedBy: captain.magnus@opensuse.org
         QAContact: qa@suse.de
          Found By: ---

With the latest Factory update, I now have to enter my keyring password when an application is accessing it the first time.

mblxsrv01:/etc/pam.d # cat gdm
#%PAM-1.0
auth     include    common-auth
account  include    common-account
password include    common-password
session  required   pam_loginuid.so
session  include    common-session
session  required   pam_resmgr.so
auth     optional   pam_gnome_keyring.so auto_start
session  optional   pam_gnome_keyring.so

Not sure how to troubleshoot. Please advise.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=383353
User captain.magnus@opensuse.org added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c1
--- Comment #1 from Magnus Boman
https://bugzilla.novell.com/show_bug.cgi?id=383353
User captain.magnus@opensuse.org added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c2
Magnus Boman
https://bugzilla.novell.com/show_bug.cgi?id=383353
Magnus Boman
https://bugzilla.novell.com/show_bug.cgi?id=383353
JP Rosevear
https://bugzilla.novell.com/show_bug.cgi?id=383353
User vuntz@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c3
--- Comment #3 from Vincent Untz
https://bugzilla.novell.com/show_bug.cgi?id=383353
User vuntz@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c4
--- Comment #4 from Vincent Untz
https://bugzilla.novell.com/show_bug.cgi?id=383353
JP Rosevear
https://bugzilla.novell.com/show_bug.cgi?id=383353
User vuntz@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c5
Vincent Untz
https://bugzilla.novell.com/show_bug.cgi?id=383353
User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c6
Stefan Dirsch
https://bugzilla.novell.com/show_bug.cgi?id=383353
User werner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c7
Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=383353
User vuntz@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c8
Vincent Untz
In other words if the variables GNOME_KEYRING_PID and GNOME_KEYRING_SOCKET are set, the process for the pid found in GNOME_KEYRING_PID is /usr/bin/gnome-keyring-daemon and we have a valid socket, the ssh-agent should be skipped?
then this piece of code
    #
    # No ssh-agent if a ssh session is already provided by an other agent.
    #
    if test -n "$GNOME_KEYRING_PID" -a -S "$GNOME_KEYRING_SOCKET" ; then
        if test -S "$SSH_AUTH_SOCK" ; then
            usessh=no
        fi
    fi
before setting up ssh-agent should work. The question is if the variable GNOME_KEYRING_SOCKET holds the path to a real socket file.
It does, yes. I'm just not sure you need to check that it's a socket file since it's unrelated to the ssh-agent part of gnome-keyring-daemon.

Note that it might make sense to distribute this in the gnome-keyring package and install a file in /etc/X11/xinit/xinitrc.d/ if files there are sourced during the login.
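The check described in prose above (keyring PID set, that PID really is /usr/bin/gnome-keyring-daemon, and an agent socket already exists), written out as an added shell example that is not part of the bug thread or of sys.xsession. The function names, the PROC_ROOT parameter and the socket-ownership test are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from sys.xsession): decide whether a session script
# should start its own ssh-agent or leave SSH_AUTH_SOCK to gnome-keyring.

KEYRING_DAEMON=/usr/bin/gnome-keyring-daemon   # path named in the thread

# keyring_provides_ssh [PROC_ROOT]
# Returns 0 only if every condition holds. PROC_ROOT (default /proc) is a
# hypothetical parameter so the check can run against a constructed tree.
keyring_provides_ssh() {
    proc_root=${1:-/proc}

    # 1. GNOME_KEYRING_PID must be set and purely numeric.
    case "${GNOME_KEYRING_PID:-}" in
        ''|*[!0-9]*) return 1 ;;
    esac

    # 2. That PID must be the keyring daemon, not a stale or recycled PID.
    exe=$(readlink "$proc_root/$GNOME_KEYRING_PID/exe" 2>/dev/null) || return 1
    [ "$exe" = "$KEYRING_DAEMON" ] || return 1

    # 3. An agent socket must already be exported and be a real socket.
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 1
    [ -S "$SSH_AUTH_SOCK" ] || return 1

    # 4. Assumption added here: only trust a socket owned by this user.
    [ -O "$SSH_AUTH_SOCK" ] || return 1
    return 0
}

# Prints the value the thread's snippet assigns to $usessh.
decide_usessh() {
    if keyring_provides_ssh "$@"; then echo no; else echo yes; fi
}

usessh=$(decide_usessh)
echo "usessh=$usessh"
```

A PID that is set but belongs to some other program, or an SSH_AUTH_SOCK that points at a regular file, both leave usessh=yes, so a stale environment never suppresses the agent.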
https://bugzilla.novell.com/show_bug.cgi?id=383353
User werner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c9
Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=383353
User captain.magnus@opensuse.org added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c10
Magnus Boman
https://bugzilla.novell.com/show_bug.cgi?id=383353
User vuntz@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c11
--- Comment #11 from Vincent Untz
For this particular piece this is not required. This could be an option for seahorse. Nevertheless, why should a non-GNOME user be disturbed by another agent?
100% agree, it should only be used within GNOME.
Is there any chance to detect, within a gdm session (environment variable GDMSESSION set), a non-GNOME session?
I need a test case like
    if test "$usegpg" = yes -a "${WINDOWMANAGER##*/}" = "gnome-session" [...]
        usegpg=seahorse
    fi
to switch over to seahorse.
As far as I can tell, the only reliable thing we can rely on is WINDOWMANAGER="/usr/bin/gnome"

Note that it's seahorse-agent (seahorse is the app to manage the keys).
https://bugzilla.novell.com/show_bug.cgi?id=383353
Vincent Untz
https://bugzilla.novell.com/show_bug.cgi?id=383353
User werner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c12
Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=383353
User werner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c13
--- Comment #13 from Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=383353
User werner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c14
--- Comment #14 from Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=383353
User vuntz@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c15
Vincent Untz
Created an attachment (id=215156) --> (https://bugzilla.novell.com/attachment.cgi?id=215156) [details] /etc/X11/xdm/sys.xsession
Please test whether this /etc/X11/xdm/sys.xsession will work with both gnome-keyring and seahorse-agent.
Seems to work fine here. Thanks! There's a small bug:

    echo "$GPG_AGENT_INFO" > "$GPG_AGENT_FILE"

should be

    echo "GPG_AGENT_INFO=$GPG_AGENT_INFO" > "$GPG_AGENT_FILE"

(In reply to comment #12 from Dr. Werner Fink)
AFAICS from http://live.gnome.org/Seahorse/SessionIntegration and the source code seahorse edits the file ~/.gnupg/gpg.conf (which is a bug IMHO) ... beside this seahorse should be started *after* the process which has created the socket $SSH_AUTH_SOCK.
The question is: does the option '--variable' omit editing ~/.gnupg/gpg.conf? This is given at http://live.gnome.org/Seahorse/SessionIntegration but the source code says:
If I can trust the modification date of ~/.gnupg/gpg.conf, it hasn't been modified here. So it works. An alternative is to use --execute, but it won't do the agent.info file creation.

(In reply to comment #13 from Dr. Werner Fink)
Next point, seahorse-agent does not have a --write-env-file option, which makes it very difficult to be able to use the same gpg session even for a sub session, e.g. started by Xnest.
Want me to open a bug upstream to get this? Not sure it'll be accepted, but we can try.
https://bugzilla.novell.com/show_bug.cgi?id=383353
User werner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c16
Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=383353
User vuntz@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c17
--- Comment #17 from Vincent Untz
It would be perfect if the seahorse would provide similar options like the gpg-agent has.
http://bugzilla.gnome.org/show_bug.cgi?id=533205
https://bugzilla.novell.com/show_bug.cgi?id=383353
User jpr@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c18
--- Comment #18 from JP Rosevear
https://bugzilla.novell.com/show_bug.cgi?id=383353
User jpr@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c19
JP Rosevear
https://bugzilla.novell.com/show_bug.cgi?id=383353
User vuntz@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c20
Vincent Untz
https://bugzilla.novell.com/show_bug.cgi?id=383353
User stwooe@mailbox.tu-berlin.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c21
--- Comment #21 from Evgeny Bobkin
https://bugzilla.novell.com/show_bug.cgi?id=383353
User stwooe@mailbox.tu-berlin.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c22
Evgeny Bobkin
https://bugzilla.novell.com/show_bug.cgi?id=383353
User werner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c23
Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=383353
User stwooe@mailbox.tu-berlin.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=383353#c24
--- Comment #24 from Evgeny Bobkin