namida12 wrote: ↑Wed Sep 26, 2018 1:46 am
I added libpam-gnome-keyring to MX via Synaptic, and shutdown my MX system. When it reopened discovered It did not remember any passwords including Synaptic.
MX had forgotten all of my passwords.
OK, I digged into this a bit further ...
After adding libpam-gnome-keyring and having removed all
keyring-files from ~/.local/share/keyrings
only a logout/login is required. PAM will create a new login-keyring.
This new keyring will also become the "default" keyring, i.e. it has
the properties to be "default". And further PAM will unlock
this "default" login-keyring after you logged-in with a password.
Chrome will now see the new "default" keyring and will further use
this empty keyring to populated after syncing with your passwords.
Synaptic: We do have two GUI-ways to start synaptic, either through
the menu or through right-click of apt-notifier.
Starting synaptic through the menu will go through a pkexec-authentication
and will always ask for a password.
When you start synaptic through apt-notifier-icon it
goes with help of /usr/bin/su-to-root to a call of gksu.
Gksu is enabled with a PAM-API to call gnome-keyring.
And now we should assume that gksu would also use the "default" keyring,
which happens to be the login-keying, when you request the entered
password to be saved "permanently" not only for the session.
When you now enter the password to be saved "remember password"
it will than asked you to enter the password for a new "default" keyring.
And this is an outstanding bug with Gnome/GTK, which I remember have seen
a couple of years ago when gnome-keyring still was young.
The issue is that the gnome/gtk developer seem to be got confused
about the gnome-keyring API and the use of the term "default keyring".
The GTK-implementation used by gksu unfortunately misinterprets
the API-documention and do look for a keyring with the name "default"
instead of the property "default".
So the popup to create a new "default" keyring is about to create a new keyring
with the name "default", instead of using the existing "default" login-keyring
An the other side Chrome/Chromium are doing it right, both using
the existing login-keying (property default) to store/save the passwords.
Now what? The workaround is simple: Let GTK/gksu create
the new "default-keyring", i.e. enter any password you like.
The keyring will be unlocked by PAM. But you might still
enter than once again the password for the "default-keyring" where
you than got an option to click "remember password to unlock after login."
Summary: If you use app which intern relies on gksu, you might still need to"create" a new "default" keyring,
due to a gtk "bug" if you want to store the entered "root" password permanently.
Solution just create the new "default" keyring and click next time remember, if you like.
Ufff .. to many words .. I know .. sorry