GNOME Bugzilla – Bug 505362
automatically change default keyring password to match user password
Last modified: 2009-11-21 20:00:02 UTC
Please describe the problem: When a user change his session password inside Ubuntu Gutsy, the "default" keyring password isn't updated so all keys and password that are on this keyring become unavailable without the old user password, including keys for wireless networks. That means that laptop users won't be able to connect to their wireless networks if they change their session password because they'll have to remove the "default" keyring and create another with the good password, and type again ALL wireless network keys in order to get connected to their protected wireless networks. Or else the user can type is old password each time he wants to connect on a wireless networks, but that's very bad because lamda users won't know what to do when gnome-keyring will ask them for a password they don't know. A fix for this bug should be to update users-admin tool to also change the password for the default keyring when the user change his session password. This fix would probably not work is the user changes his password with another tool than users-admin Another fix would be to find a way to make gnome-keyring use current user password for the special "default" keyring and not in his own keyring passwords. I think that this fix should work under every circumstances if that fix is possible. Steps to reproduce: 1. Take a laptop that can connect to WEP/WPA wifi networks with a clean Linux Ubuntu Gutsy install on it 2. Connect to a WEP or WPA protected network and type the key to access the network 3. The key for the network is saved in the "default" keyring and Ubuntu won't ask you again to access this network 4. Change you user password in System / Administration / Users and Groups 5. Reboot your computer and login again, ubuntu should now ask you for a password to unlock the "default" keyring which still uses your old session password. Actual results: A window appears and ask for the password to unlock keyring named "default" which still use the old user password. Expected results: This window should not appear and the default keyring should still be unlocked automatically, even if the user changed is user password. Does this happen every time? Yes Other information:
Thanks for the bug report. This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find. *** This bug has been marked as a duplicate of 338088 ***
Thanks for your comment. Unless I'm wrong, this bug will need bug #338088 to be fixed first but it's not a duplicate of bug #338088, isn't it? Same if there's a way to change the password for the default keyring, it doesn't change it automatically to be the same as the current user session, and that's what I was talking about with that bug report. (In reply to comment #1) > Thanks for the bug report. This particular bug has already been reported into > our bug tracking system, but please feel free to report any further bugs you > find. > > > *** This bug has been marked as a duplicate of 338088 *** >
I agree with Oxmosys, this is not a duplicate (for the very reasons he already said).
If the user changes their login password the normal way (not by using administrative tools) then the gnome-keyring login password will be updated to match. Please verify this on your system. Use the command 'passwd' to change your password, or the gnome-about-me tool aka: 'About Me'. The gnome-keyring login password should be updated (your auth syslog should contain a line to that effect). gnome-system-tools (which users-admin is a component of) does not use the proper unix commands (and PAM) to update the user's password. You might want to file a bug against gnome-system-tools about that issue.
Thanks for these informations. I tested what you said and the problem is still there, so I believe that gnome-keyring is still a part of this bug. I have a laptop connected over a WPA wireless network, the network key is stored in the default keyring and the user password is banana. What I did : 1. I type passwd and changed my password to banana4 2. I logout 3. I open a new session for the same user with the new password ( banana4 ) 4. I try to connect to my wireless network using nm-applet. Result : gnome-keyring ask me to unlock the default keyring. The default keyring still has the "banana" password, while it should now be "banana4" Tested on ubuntu Hardy alpha 2, gnome-keyring 2.20-0ubuntu4, nm-applet 0.6.5-0ubuntu16.7.10.0
Could you post the contents of your /etc/pam.d/passwd file? Also could you look through your syslog auth log (usually /var/log/auth.log) for any keyring messages: grep gkr /var/log/auth.log Thanks.
Created attachment 102650 [details] /var/log/auth.log file
Created attachment 102651 [details] dmesg output
Created attachment 102652 [details] /etc/pam.d/passwd file
I hope that it gives relevant information. This bug can be reproduced on any laptop under ubuntu gutsy / hardy.
Ubuntu does not add gnome-keyring to the /etc/pam.d/passwd file (or common-password), as outlined here: http://live.gnome.org/GnomeKeyring/Pam In order to get this fixed, you could file a bug with Ubuntu asking to enable this functionality by including gnome-keyring in the /etc/pam.d/passwd file.
Thanks for this information. I'll look at this. So far I did everything that is described in http://live.gnome.org/GnomeKeyring/Pam except the compilation part, I'll look deeper around that problem with ubuntu developpers.
I can confirm this is still happening on gnome-keyring 2.28.1 (Karmic). It seems that there has not been much progress on this bug and it still affects many users. Could the status of this bug be changed so that it gets seen again. I may be incorrect, but from what I understand, shouldn't it be a case of: -Unlocking the keyring -Taking the passwords and rewrapping them with a new keyring password (perhaps in a new keyring?) Currently, changing a user password does not automatically prompt for the keyring password. Is it technically possible to *manually* change a keyring password? If so, how would one accomplish this task?
Apparently the problem reported above is not with gnome-keyring but with passwd/gnome-about-me not working. So this bug seems to be fixed indeed.