{"id":7,"date":"2008-01-18T09:28:38","date_gmt":"2007-10-29T10:18:44","guid":{"rendered":""},"modified":"2022-02-07T09:40:48","modified_gmt":"2022-02-07T08:40:48","slug":"gnome_s_cool_features_gnome_keyring_aamp","status":"publish","type":"post","link":"https:\/\/blogs.gentoo.org\/remi\/2008\/01\/18\/gnome_s_cool_features_gnome_keyring_aamp\/","title":{"rendered":"Gnome’s cool features : gnome-keyring & pam"},"content":{"rendered":"

Today, I’m starting a new theme for this blog. Instead of ranting or trolling like a good chunk of bloggers out there, I’ll be writing about the cool new stuff upstream Gnome developers have coded during the past 6 months (probably more, since I’ll try to go back to older features as well) and that we offer in Gentoo, but are hidden.<\/p>\n

As many know, Gentoo is about choice, and the default choice is to “opt-in”. So if you install Gnome on Gentoo, you get a bare-bone Gnome experience, sometimes in stark contrast to what other distros do. So in order to level the playing field, I’ll be writing about how to enable some of those cool features. \ud83d\ude42<\/p>\n

Today’s special : gnome-keyring’s pam module.<\/p>\n

Gnome-keyring now provides its own pam module, so you don’t need to emerge pam_keyring. Just enable the pam<\/code> use flag (it should be on by default) and you’ll be ready to start configuring it<\/p>\n

All in all it’s not that complicated. Here’s my \/etc\/pam.d\/system-auth<\/code><\/p>\n

#%PAM-1.0<\/p>\n

auth required pam_env.so
\nauth optional pam_gnome_keyring.so<\/strong>
\nauth sufficient pam_unix.so try_first_pass likeauth nullok
\nauth required pam_deny.so<\/p>\n

account required pam_unix.so<\/p>\n

# This can be used only if you enabled the cracklib USE flag
\npassword required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
\npassword optional pam_gnome_keyring.so<\/strong>
\n# This can be used only if you enabled the cracklib USE flag
\npassword sufficient pam_unix.so try_first_pass use_authtok nullok md5 shadow
\n# This can be used only if you enabled the !cracklib USE flag
\n# password sufficient pam_unix.so try_first_pass nullok md5 shadow
\npassword required pam_deny.so<\/p>\n

session required pam_limits.so
\nsession optional pam_gnome_keyring.so auto_start<\/strong>
\nsession required pam_unix.so<\/code><\/p>\n

There are a few things to keep in mind though :<\/p>\n

    \n
  1. Always<\/strong> keep an open root shell when doing pam modifications. Better safe than sorry.<\/li>\n
  2. Don’t try it on pam 0.78, it should work but it needs more tweaking and I’m not entirely sure about it. Flameeyes is pushing for pam 0.99 to hit stable on most arches anyway. Things should move quickly.<\/li>\n
  3. Your keyring password must be the same as your pam password. If they are not the same, you need to delete your keyring inside ~\/.gnome2\/keyrings<\/code>.<\/li>\n
  4. Once the passwords are the same, gnome-keyring will keep the two passwords in sync provided you<\/strong> use passwd<\/code> to modify your password. If root does it for you, it won’t work.<\/li>\n
  5. Using this configuration file as-is will launch gnome-keyring for every pam service that includes system-auth<\/code>. If you run other services on your machine, I’d recommend putting the same pam commands inside gdm<\/code> and gnome-screensaver<\/code>. Just make sure to put them before the include<\/code> statements in those two files.<\/li>\n<\/ol>\n

    I’d like to thank Flameeyes for his help, Tester and wltjr for testing things out with me yesterday when I was hitting a roadblock trying to figure out how it all works \ud83d\ude42 So thanks to the three of you.<\/p>\n

    Other than that, enjoy \ud83d\ude09<\/p>\n

    Update<\/strong> : check out the blog comment from welp, there’s some good additional info \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"

    Today, I’m starting a new theme for this blog. Instead of ranting or trolling like a good chunk of bloggers out there, I’ll be writing about the cool new stuff upstream Gnome developers have coded during the past 6 months (probably more, since I’ll try to go back to older features as well) and that … Continue reading Gnome’s cool features : gnome-keyring & pam<\/span><\/a><\/p>\n","protected":false},"author":66,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3,5],"tags":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/blogs.gentoo.org\/remi\/wp-json\/wp\/v2\/posts\/7"}],"collection":[{"href":"https:\/\/blogs.gentoo.org\/remi\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.gentoo.org\/remi\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.gentoo.org\/remi\/wp-json\/wp\/v2\/users\/66"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.gentoo.org\/remi\/wp-json\/wp\/v2\/comments?post=7"}],"version-history":[{"count":1,"href":"https:\/\/blogs.gentoo.org\/remi\/wp-json\/wp\/v2\/posts\/7\/revisions"}],"predecessor-version":[{"id":81,"href":"https:\/\/blogs.gentoo.org\/remi\/wp-json\/wp\/v2\/posts\/7\/revisions\/81"}],"wp:attachment":[{"href":"https:\/\/blogs.gentoo.org\/remi\/wp-json\/wp\/v2\/media?parent=7"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.gentoo.org\/remi\/wp-json\/wp\/v2\/categories?post=7"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.gentoo.org\/remi\/wp-json\/wp\/v2\/tags?post=7"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}