fehlix wrote: ↑Wed Sep 12, 2018 4:45 pm
Gnome-keyring - unlocked
Enable secure password store with gnome-keyring to avoid keyring prompt
Gnome-keyring’s default password-stores used by different apps like Chrome/Chromium and other can be setup in such a way that they automatically get unlocked during session login.
Within MX Linux we are already prepared to enable and use this auto-unlock feature provided by the Pluggable Authentication Modules (PAM) mechanism:
After the user enters the login password the pam-library will unlock the login-keyring managed by the gnome-keyring subprocess. To turn PAM on we have only to install the package libpam-gnome-keyring. Use either MX Package Installer, Synaptic or the CLI to install the package:
Code: Select all
sudo apt-get install libpam-gnome-keyring
After logout and login do open „Password and Keys“ to verify that the newly created Login-keyring is automatically unlocked.
Only one keyring : Login keyring
If no other password-store keyring is already in use the Login-keyring will also become the default password-store keyring.
Right click with the Login-keyring to verify / set it to default password store.
1_kr-login-empty.png
When you open an application which requires to save/fetch it’s credential into/from the default password-store keying the keyring to store passwords will be used.
E.g. open Chromium and you‘ll see that Chromiums internal encryption keys get stored within the default (login) keyring:
2_kr-login-default.png
Default keyring already exists
If you already have a password-store “Default keyring” in use by chromium, which holds your passwords and chromiums internal encryption keys you can secure this keyring with a password and automatically unlock the keyring on application request by means of the PAM-Login-keyring mechanism.
To secure and enable auto-unlock of existing “Default keyring” used by chromium (or any other app):
- close Chromium
- open „Password and Keys“
- right click on your existing password store “Default keyring” → set default
- right click on “Default keyring” to verify or change existing password
Now the trick:
- right click on you existing “Default keyring” password store → Lock
And now - this is important:
- right click again on your existing “Default keyring” password store → Unlock
→ Click on “Automatically unlock this keyring whenever I’m logged in”
and enter the password of your “Default keyring”.
Logout, login and to verfiy with „Password and Keys“ that you login-keyring is unlocked
and you “Default keyring” is still locked.
3-kr-log-def-locked.png
Now open chromium and verify that the “Default keyring”
used by chromum get’s automaticaly unlocked.
4-ld-unlocked.png
Attched the above as PDF-file.
--fehlix
on behalf of MX Linux community