You are not logged in.
A few days/weeks ago (probably after some of the system upgrades), the Gnome keyring asks for a password after login, while in the past it was open automatically by PAM.
$ grep -r pam_gnome_keyring.so /etc/pam.*
/etc/pam.d/system-login:auth optional pam_gnome_keyring.so
/etc/pam.d/system-login:session optional pam_gnome_keyring.so auto_start
/etc/pam.d/passwd:password optional pam_gnome_keyring.so
/etc/pam.d/gdm-autologin:auth optional pam_gnome_keyring.so
/etc/pam.d/gdm-autologin:session optional pam_gnome_keyring.so auto_start
/etc/pam.d/gdm-password:auth optional pam_gnome_keyring.so
/etc/pam.d/gdm-password:password optional pam_gnome_keyring.so use_authtok
/etc/pam.d/gdm-password:session optional pam_gnome_keyring.so auto_start
/etc/pam.d/gdm-pin:auth optional pam_gnome_keyring.so
/etc/pam.d/gdm-pin:password optional pam_gnome_keyring.so use_authtok
/etc/pam.d/gdm-pin:session optional pam_gnome_keyring.so auto_start
'/etc/pam.d/gdm-password' is the default as provided by package:
auth include system-local-login
auth optional pam_gnome_keyring.so
account include system-local-login
password include system-local-login
password optional pam_gnome_keyring.so use_authtok
session optional pam_keyinit.so force revoke
session include system-local-login
session optional pam_gnome_keyring.so auto_start
Since I use GDM, the default keyring is supposed to be named "login" to be automatically unlocked. Seahorse shows keyring name "Login", but the file seems to be named correctly '$HOME/.local/share/keyrings/login.keyring'.
Any idea how to debug it? I use a pretty long password and retyping it several types (login, keyring, keepass) drives me crazy...
Last edited by MilanKnizek (2017-05-27 07:25:44)
--
Milan Knizek
http://knizek.net
Offline
Well, I gave up too early before trying all options.
The problem is solved by removing the "pam_gnome_keyring.so" lines from /etc/pam.d/system-login, which I added there some time in the past to make the Gnome keyring work in a different environment.
This file got sourced (indirectly) by /etc/pam.d/gdm-password, which ended up with two instances of 'pam_gnome_keyring.so'. I do not know why this is problematic now and was okay few weeks ago, but problem is solved now.
--
Milan Knizek
http://knizek.net
Offline