Where and how gnome keyring is started ? No autounlocking

I can't for the love of god find where gnome-keyring is started.

I've looked in systemctl --user units and systemctl unist and in my i3wm config also at ~/.xinitrc and ~/.bash_profile and ~/.profile

There is no meantion of gnome-keyring and yet it's starting.

I don't mean it being run, but I would like to have the keyring auto unlocked.

I've read on archwiki, that the keyring has to be named 'login' and in some configuration even the password must match with login password.

I satisfied both but not unlocking with login :((

Also I use lightdm and there I can't see any keyring related lines.

What should I do? :expressionless: I've looked around this forum+wiki and no luck.

The lightdm is set to autologin the only user.

I've maybe found where it's started, by pam

$ cat /etc/pam.d/lightdm
#%PAM-1.0
auth        include     system-login
-auth       optional    pam_gnome_keyring.so
account     include     system-login
password    include     system-login
session     include     system-login
-session    optional    pam_gnome_keyring.so auto_start

is my pam file

According to this article, when using autologin, the gnome keyring password has to be blank.

When you login normally, the system gives the password you just entered to gnome-keyring , which then unlocks the login keyring.

When you have auto-login enabled, you don't enter any password, and gnome-keyring cannot unlock the keyring automatically. So it asks you to unlock it.

If you want to have auto-login and auto-unlock, you need to remove the keyring's password (set it to a blank one). This won't be a security risk, as you already have automatic login.

This is also stated in the Arch wiki.

But I don't think someone should do this after reading more about it. All the passwords that use gnome keyring (like Chrome) will be in plaintext.

2 Likes

Would that still be the case using disk encryption? I'm using LUKS on all drives + autologin + blank passwd on gnome-keyring.

You can be exploited by rouge script while you are logged in.
You only think in terms of “if computer gets stolen and its powered off”. Then you would be well protected but plaintext password are bad idea in general.

Agreed, the software could have made it more clear to users.

The decission is very bad and inconvenient for me cause I like to enter only one password and that would be my LUKS pass.

So I have to login twice? Once of LUKS and once for Gnome? Isnt't this counterintuitive design?

Well yes :smiley: that is my issue as well.

Luks is separate beast that is not used for anythin in the OS.

You can set autounlock gnome keyring only if you disable autologin.

You have 3 options.

1st use autologin on user and manually unlock gnome keyring
2nd dont use autologin and have the keyring be unlock right after login.
3 don’t use password on gnome keyring

We can yell how r3tarded this design is, but it would do us no good :frowning:

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by