Well, we have it now in MX 17 it's tested and works very well, we would need only to turn it on.
fehlix wrote: ↑Wed Sep 12, 2018 4:45 pm Gnome-keyring - unlocked
Enable secure password store with gnome-keyring to avoid keyring prompt
Gnome-keyring’s default password-stores used by different apps like Chrome/Chromium and other can be setup in such a way that they automatically get unlocked during session login.
Within MX Linux we are already prepared to enable and use this auto-unlock feature provided by the Pluggable Authentication Modules (PAM) mechanism:
After the user enters the login password the pam-library will unlock the login-keyring managed by the gnome-keyring subprocess. To turn PAM on we have only to install the package libpam-gnome-keyring. Use either MX Package Installer, Synaptic or the CLI to install the package:After logout and login do open „Password and Keys“ to verify that the newly created Login-keyring is automatically unlocked.Code: Select all
sudo apt-get install libpam-gnome-keyring
Only one keyring : Login keyring
If no other password-store keyring is already in use the Login-keyring will also become the default password-store keyring.
Right click with the Login-keyring to verify / set it to default password store.
1_kr-login-empty.png
When you open an application which requires to save/fetch it’s credential into/from the default password-store keying the keyring to store passwords will be used.
E.g. open Chromium and you‘ll see that Chromiums internal encryption keys get stored within the default (login) keyring:
2_kr-login-default.png
Default keyring already exists
If you already have a password-store “Default keyring” in use by chromium, which holds your passwords and chromiums internal encryption keys you can secure this keyring with a password and automatically unlock the keyring on application request by means of the PAM-Login-keyring mechanism.
To secure and enable auto-unlock of existing “Default keyring” used by chromium (or any other app):
- close Chromium
- open „Password and Keys“
- right click on your existing password store “Default keyring” → set default
- right click on “Default keyring” to verify or change existing password
Now the trick:
- right click on you existing “Default keyring” password store → Lock
And now - this is important:
- right click again on your existing “Default keyring” password store → Unlock
→ Click on “Automatically unlock this keyring whenever I’m logged in”
and enter the password of your “Default keyring”.
Logout, login and to verfiy with „Password and Keys“ that you login-keyring is unlocked
and you “Default keyring” is still locked.
3-kr-log-def-locked.png
Now open chromium and verify that the “Default keyring”
used by chromum get’s automaticaly unlocked.
4-ld-unlocked.png
Attched the above as PDF-file.
--fehlix
on behalf of MX Linux community
It only pops up once in a while when I use Google Chrome (granted I only use it when a page doesn't open in FF) in my distros. Like Uncle Mark, I just hit cancel.uncle mark wrote: ↑Wed Sep 12, 2018 8:08 pm I have a load of Mint 18 KDE and it exhibits this same behavior (kwallet) with Google Chrome the first time it's launched. I just hit cancel and carry on. Kind of a PITA, but not a big deal.
Thanks.Jerry3904 wrote: ↑Thu Sep 13, 2018 6:55 am Thanks, fehlix--pasted this into the Wiki:
https://mxlinux.org/wiki/system/gnome-keyring
Will edit, including DO's addition
that's a "maybe", but probably likely since our mx-user-manager runs with root permissions by default.fehlix wrote: ↑Thu Sep 13, 2018 7:15 amThanks.Jerry3904 wrote: ↑Thu Sep 13, 2018 6:55 am Thanks, fehlix--pasted this into the Wiki:
https://mxlinux.org/wiki/system/gnome-keyring
Will edit, including DO's addition
You might consider to add something like this foot-note somewhere:
~~~~~~
Note:
If you are changing later your login-password, you have not to forget to
to adjust also the password of the Login-keyring using „Password and keys“,
otherwise PAM cannot unlock your login-keyring automatically.
~~~~~
When the user changes their password, the PAM module changes the password of the 'login' keyring to match.
Again, here gnome-keyring-daemon is started if necessary.
If root changes the password, or /etc/shadow is directly edited then due to the lack of the old password, the 'login' keyring cannot be updated.
Ohh.., that's new to me. That might have been introduced recently(?) into PAM...dolphin_oracle wrote: ↑Thu Sep 13, 2018 7:34 amWhen the user changes their password, the PAM module changes the password of the 'login' keyring to match.
hmm...if its new, it may or may not be in debian yet. we better test that.fehlix wrote: ↑Thu Sep 13, 2018 7:48 amOhh.., that's new to me. That might have been introduced recently(?) into PAM...dolphin_oracle wrote: ↑Thu Sep 13, 2018 7:34 amWhen the user changes their password, the PAM module changes the password of the 'login' keyring to match.
Cool, PAM changed by login-keyring password automaticaly in MX17.1 64bitdolphin_oracle wrote: ↑Thu Sep 13, 2018 7:49 am hmm...if its new, it may or may not be in debian yet. we better test that.
Code: Select all
feh@mx:~/Desktop
$ passwd
Changing password for feh.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
Bad: new password is too simple
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully