You are not logged in.

#1 2020-04-19 23:42:38

codebeta
Member
Registered: 2019-02-04
Posts: 12
Website

[SOLVED] Gnome Keyring refuses to unlock on login

I've been researching this on and off for a couple of months, but have yet to manage to resolve it. So need to ask, before I go mad.

My current setup is Arch 5.6.5.a-1-hardened, this is fresh installation and I've had the same issue on Fedora as well, just can't put my finger on what exactly I'm doing wrong.

For the Arch setup, I don't have a login manager, so I start X11 with xinit after login on the TTY. (I just love this more than having GDM or LightDM, etc)

I installed gnome-keyring, I have the only keyring named "login", I have also tried with "Login" and "Default keyring" with the same results.

I configured the pam files as per the wiki, which I've read numerous times and have followed to the letter...also looked on the forum and in web searches.

My current setup looks like this

For /etc/pam.d/login

#%PAM-1.0

auth       required     pam_securetty.so
auth       requisite    pam_nologin.so
auth       include      system-local-login
auth       optional     pam_gnome_keyring.so
account    include      system-local-login
session    include      system-local-login
session    optional     pam_gnome_keyring.so auth_start

For /etc/pam.d/passwd

#%PAM-1.0
password	required	pam_cracklib.so difok=3 minlen=15 dcredit=2 ocredit=2 retry=3
password	required	pam_unix.so sha512 shadow use_authtok
#password	required	pam_unix.so sha512 shadow nullok
password    optional    pam_gnome_keyring.so

At this point the keyring doesn't get unlocked, so I add the lines to the .xinitrc in my home directory

#!/bin/zsh

# variables for important files
userresources="${HOME}/.Xresources"
systemduser="/etc/X11/xinit/xinitrc.d/50-systemd-user.sh"

# if there are user Xresources file, the load it
if [ -f "${userresources}" ]; then
    xrdb -merge "$userresources"
fi

[...]

# start the gnome-keyring as a daemon service
export $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh,gpg)

# sourcing the systemd user
if [ -f "${systemduser}" ]; then
    source ${systemduser}
fi

# load the window manager
exec /usr/bin/i3

Whether I use the exact lines in the wiki post or the line that was suggested on this post which makes a reference to a post on a gentoo related site, so trying that as well.

So this starts Gnome Keyring daemon and the closest to an error that I get is the message stating

gnome-keyring-daemon[1502]: couldn't access control socket: /run/user/1000/keyring/control: No such file or directory

But the keyring directory gets created after the daemon is started, so I guess that's just irrelevant...I guess.

On the Fedora install I have i3 as well but use lightdm for the login and that still doesn't manage to unlock the keyring.

So any help is welcomed...not sure what to do next or what to check, not seeing any errors and would like for it to have a password and not go the route of having a password-less keyring.

Last edited by codebeta (2020-04-21 04:45:04)


-NicoleM

Offline

#2 2020-04-20 06:33:27

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 25,263

Re: [SOLVED] Gnome Keyring refuses to unlock on login

I'd say try to move that line *after* the systemd user sourcing at the minimum, otherwise your user dbus won't yet be started

Last edited by V1del (2020-04-20 06:34:50)

Offline

#3 2020-04-20 15:11:05

codebeta
Member
Registered: 2019-02-04
Posts: 12
Website

Re: [SOLVED] Gnome Keyring refuses to unlock on login

Thanks for the response. However, that didn't resolve it.

This is how my current .xinitrc looks like

#!/bin/zsh

# variables for important files
userresources="${HOME}/.Xresources"
userinputconfig="${HOME}/.local/bin/inputconfig"
systemduser="/etc/X11/xinit/xinitrc.d/50-systemd-user.sh"

# if there are user Xresources file, the load it
if [ -f "${userresources}" ]; then
    xrdb -merge "$userresources"
fi

# run the script to configure the input devices
if [ -f "${userinputconfig}" ]; then
    ${userinputconfig}
fi

# sourcing the systemd user
if [ -f "${systemduser}" ]; then
    source ${systemduser}
fi

[...]

# start the gnome-keyring as a daemon service
export $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh,gpg)

# load the window manager
exec /usr/bin/i3

Checking the journalctl -S today -g keyring I have the following

-- Logs begin at Wed 2020-04-15 20:21:32 CST, end at Mon 2020-04-20 08:41:32 CST. --
Apr 20 06:34:35 MYHOST kernel: Initialise system trusted keyrings
Apr 20 06:34:51 MYHOST kernel: audit: type=1100 audit(1587386091.725:37): pid=730 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_securetty,pam_tally2,pam_shells,pam_unix,pam_permit,pam_gnome_keyring acct="MYUSER" exe="/usr/bin/login" hostname=MYHOST addr=? terminal=tty1 res=success'
Apr 20 06:34:51 MYHOST audit[730]: USER_AUTH pid=730 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_securetty,pam_tally2,pam_shells,pam_unix,pam_permit,pam_gnome_keyring acct="MYUSER" exe="/usr/bin/login" hostname=MYHOST addr=? terminal=tty1 res=success'
Apr 20 06:34:51 MYHOST audit[730]: CRED_ACQ pid=730 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_securetty,pam_tally2,pam_shells,pam_unix,pam_permit,pam_gnome_keyring acct="MYUSER" exe="/usr/bin/login" hostname=MYHOST addr=? terminal=tty1 res=success'
Apr 20 06:34:51 MYHOST kernel: audit: type=1103 audit(1587386091.731:39): pid=730 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_securetty,pam_tally2,pam_shells,pam_unix,pam_permit,pam_gnome_keyring acct="MYUSER" exe="/usr/bin/login" hostname=MYHOST addr=? terminal=tty1 res=success'
Apr 20 06:34:52 MYHOST audit[730]: USER_START pid=730 uid=0 auid=1000 ses=1 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_unix,pam_permit,pam_mail,pam_systemd,pam_env,pam_gnome_keyring acct="MYUSER" exe="/usr/bin/login" hostname=MYHOST addr=? terminal=tty1 res=success'
Apr 20 06:34:52 MYHOST audit[730]: CRED_REFR pid=730 uid=0 auid=1000 ses=1 msg='op=PAM:setcred grantors=pam_securetty,pam_tally2,pam_shells,pam_unix,pam_permit,pam_gnome_keyring acct="MYUSER" exe="/usr/bin/login" hostname=MYHOST addr=? terminal=tty1 res=success'
Apr 20 06:36:00 MYHOST gnome-keyring-daemon[1436]: couldn't access control socket: /run/user/1000/keyring/control: No such file or directory
Apr 20 06:36:01 MYHOST dbus-daemon[1426]: [session uid=1000 pid=1426] Activating service name='org.gnome.keyring.SystemPrompter' requested by ':1.2' (uid=1000 pid=1436 comm="/usr/bin/gnome-keyring-daemon --start --components")
Apr 20 06:36:01 MYHOST gcr-prompter[1726]: Gcr: bus acquired: org.gnome.keyring.SystemPrompter
Apr 20 06:36:01 MYHOST dbus-daemon[1426]: [session uid=1000 pid=1426] Successfully activated service 'org.gnome.keyring.SystemPrompter'
Apr 20 06:36:01 MYHOST gcr-prompter[1726]: Gcr: bus acquired: org.gnome.keyring.PrivatePrompter
Apr 20 06:36:01 MYHOST gcr-prompter[1726]: Gcr: acquired name: org.gnome.keyring.SystemPrompter
Apr 20 06:36:01 MYHOST gcr-prompter[1726]: Gcr: received BeginPrompting call from callback /org/gnome/keyring/Prompt/p2@:1.2
Apr 20 06:36:01 MYHOST gcr-prompter[1726]: Gcr: preparing a prompt for callback /org/gnome/keyring/Prompt/p2@:1.2
Apr 20 06:36:02 MYHOST gcr-prompter[1726]: Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p2@:1.2
Apr 20 06:36:02 MYHOST gcr-prompter[1726]: Gcr: acquired name: org.gnome.keyring.PrivatePrompter
Apr 20 06:36:02 MYHOST gcr-prompter[1726]: Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p2@:1.2
Apr 20 06:36:02 MYHOST gcr-prompter[1726]: Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p2@:1.2
Apr 20 06:36:02 MYHOST gcr-prompter[1726]: Gcr: starting password prompt for callback /org/gnome/keyring/Prompt/p2@:1.2
Apr 20 06:36:13 MYHOST gcr-prompter[1726]: Gcr: completed password prompt for callback :1.2@/org/gnome/keyring/Prompt/p2
Apr 20 06:36:13 MYHOST gcr-prompter[1726]: Gcr: calling the PromptReady method on /org/gnome/keyring/Prompt/p2@:1.2
Apr 20 06:36:13 MYHOST gcr-prompter[1726]: Gcr: returned from the PromptReady method on /org/gnome/keyring/Prompt/p2@:1.2
Apr 20 06:36:13 MYHOST gcr-prompter[1726]: Gcr: received PerformPrompt call from callback /org/gnome/keyring/Prompt/p2@:1.2
Apr 20 06:36:13 MYHOST gcr-prompter[1726]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p2@:1.2
Apr 20 06:36:13 MYHOST gcr-prompter[1726]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p2@:1.2
Apr 20 06:36:13 MYHOST gcr-prompter[1726]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p2@:1.2
Apr 20 06:36:13 MYHOST gcr-prompter[1726]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p2@:1.2
Apr 20 06:36:13 MYHOST gcr-prompter[1726]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p2@:1.2
Apr 20 06:36:13 MYHOST gcr-prompter[1726]: Gcr: stopping prompting for operation /org/gnome/keyring/Prompt/p2@:1.2
Apr 20 06:36:13 MYHOST gcr-prompter[1726]: Gcr: couldn't find the callback for prompting operation /org/gnome/keyring/Prompt/p2@:1.2
Apr 20 06:36:13 MYHOST gcr-prompter[1726]: Gcr: calling the PromptDone method on /org/gnome/keyring/Prompt/p2@:1.2, and ignoring reply

Note: I replaced the hostname with MYHOST and the username with MYUSER


-NicoleM

Offline

#4 2020-04-20 20:51:06

codebeta
Member
Registered: 2019-02-04
Posts: 12
Website

Re: [SOLVED] Gnome Keyring refuses to unlock on login

Was doing an install of Arch on a VirtualBox and finally found out...after months...that the whole thing was because I was missing the line below

auth       include      system-local-login

and that solved the issue...guess I wasn't paying enough attention to the lines, I should have copied and pasted the whole block of code and not just added the keyring lines.


-NicoleM

Offline

#5 2020-04-20 22:57:30

codebeta
Member
Registered: 2019-02-04
Posts: 12
Website

Re: [SOLVED] Gnome Keyring refuses to unlock on login

Ok, so it appears to have worked on the VM, but can't seem to get it to work on my host machine, I deleted the keyring directory and no keyring got created nor creating the keyring with the same name as the one seen on the VM. So not sure how that line worked on the VM but not on the host system.


-NicoleM

Offline

#6 2020-04-21 04:46:30

codebeta
Member
Registered: 2019-02-04
Posts: 12
Website

Re: [SOLVED] Gnome Keyring refuses to unlock on login

So finally, after many tries, I was able to get the keyring to unlock itself after login. Had to delete all of the keyrings and let it automatically create one for itself and was able to replicate the change on another Arch install.


-NicoleM

Offline

#7 2020-07-19 18:58:48

abmantis
Member
Registered: 2015-01-08
Posts: 13

Re: [SOLVED] Gnome Keyring refuses to unlock on login

codebeta wrote:

So finally, after many tries, I was able to get the keyring to unlock itself after login. Had to delete all of the keyrings and let it automatically create one for itself and was able to replicate the change on another Arch install.

Thanks a lot for this! I have been having this issue for a long time, and deleting (and rebooting) made it work again!

EDIT: And the issue is back after a few days sad

Last edited by abmantis (2020-07-21 21:43:56)

Offline

Board footer

Powered by FluxBB