desktop-packages team mailing list archive

Thread
Date

[Bug 322827] Re: libpam-gnome-keyring: keyring password should be updated or cleared when a new system password is used

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: David Burke <dmbst32@xxxxxxxxx>
Date: Wed, 14 Sep 2011 16:14:01 -0000
Reply-to: Bug 322827 <322827@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Still present. Has anyone found a work around? This is a potential show
stopper for a Linux deployment if users happen to need the password for
anything important. Forcing all users to use unsafe (passwordless)
storage would be an acceptable solution.

Right now I'm working around it by going to EVERY user and setting it to
unsafe storage. It's highly annoying with 50 users, it wouldn't be a
solution for any larger deployment. I don't see anyway to use gnome
without the keyring manager either.

I tried setting a unsafe password then copying .gnome2/keyrings to a new
user. This didn't work. Surely there must be some way of doing this.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/322827

Title:
  libpam-gnome-keyring: keyring password should be updated or cleared
  when a new system password is used

Status in “gnome-keyring” package in Ubuntu:
  Confirmed

Bug description:
  Binary package hint: libpam-gnome-keyring

  On a system set up to authenticate to an external service, such as
  LDAP, Active Directory, or Kerberos: When the password is changed on
  the external service (e.g. due to a forgotten password+reset or a
  forced periodic password change where the user happened to log in on a
  different machine when the change came due), the keyring is not
  unlockable with the new password.  This means that unless the user
  remembers their old password, and knows how to change the keyring
  password, the keyring must be wiped, losing all the keys stored in the
  keyring.

  This bug is distinct from several other similar bugs, in that it the
  other bugs relate to the keyring password not being updated properly
  when the password is changed on the current system.  This one concerns
  only the situation where the password is changed externally.

  One possible (but very ugly) solution is to simply drop the current
  keyring/passphrase and start anew when the user successfully logs in
  using a password that doesn't unlock the keyring.  Better would be to
  somehow change the keyring password so that the keyring can be
  unlocked with the new password.

  This is in Ubuntu Jaunty.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/322827/+subscriptions