You are not logged in.
I have a setup with centralized user management using LDAP authentication against a server.
When I log in as an arbitrary user, the user's Gnome keyring will not automatically unlock.
It, however, works with local authentication (tried it with a new test user: Seahorse shows keyring unlocked after login here).
I only found this old thread, which vaguely describes the solution to a similar issue.
I don't know whether this actually is a PAM issue. But I followed the LDAP user authentication method as described in the Wiki.
The relevant PAM files I changed are:
$ grep ldap *
passwd:password sufficient pam_ldap.so
system-auth:auth sufficient pam_ldap.so
system-auth:account sufficient pam_ldap.so
system-auth:password sufficient pam_ldap.so
system-auth:session optional pam_ldap.so
What do I need to change in my setup, in PAM or other possible systems, to allow an LDAP user's keyring to be unlocked after login?
Update: Journal
Last edited by schard (2019-05-21 15:30:58)
macro_rules! yolo { { $($tokens:tt)* } => { unsafe { $($tokens)* } }; }
Offline
There is an other old thread here
also unsolved
I have the same problem with ldap configured according to wiki doku
"Man kann ein Problem nicht mit den gleichen Denkstrukturen lösen, die zu seiner Entstehung beigetragen haben." (Albert Einstein)
"A problem cannot be solve at the same level of thinking at which it was created." (Albert Einstein)
Offline
Did you enable PAM to unlock GNOME keyring too? For instructions: https://wiki.archlinux.org/index.php/GN … PAM_method
Offline
Everything works fine with local login. Only when login via ldap the keyring is not unlocked.
"Man kann ein Problem nicht mit den gleichen Denkstrukturen lösen, die zu seiner Entstehung beigetragen haben." (Albert Einstein)
"A problem cannot be solve at the same level of thinking at which it was created." (Albert Einstein)
Offline
I found the solution here: https://wiki.gnome.org/Projects/GnomeKe … figuration
In /etc/pam.d/gdm-password change the following:
< auth include system-local-login
---
> auth substack system-local-login
*poof* *magic*
Last edited by schard (2019-05-21 15:50:00)
macro_rules! yolo { { $($tokens:tt)* } => { unsafe { $($tokens)* } }; }
Offline