After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 505362 - automatically change default keyring password to match user password
automatically change default keyring password to match user password
Status: RESOLVED NOTGNOME
Product: gnome-keyring
Classification: Core
Component: general
git master
Other All
: Normal enhancement
: ---
Assigned To: GNOME keyring maintainer(s)
GNOME keyring maintainer(s)
Depends on:
Blocks:
 
 
Reported: 2007-12-24 06:04 UTC by Oxmosys
Modified: 2009-11-21 20:00 UTC
See Also:
GNOME target: ---
GNOME version: Unversioned Enhancement

Attachments
/var/log/auth.log file (12.94 KB, text/plain)
2008-01-12 07:43 UTC, Oxmosys 		Details
dmesg output (27.14 KB, text/plain)
2008-01-12 07:44 UTC, Oxmosys 		Details
/etc/pam.d/passwd file (92 bytes, text/plain)
2008-01-12 07:45 UTC, Oxmosys 		Details

Description Oxmosys 2007-12-24 06:04:12 UTC 
Please describe the problem:
When a user change his session password inside Ubuntu Gutsy, the "default" keyring password isn't updated so all keys and password that are on this keyring become unavailable without the old user password, including keys for wireless networks.

That means that laptop users won't be able to connect to their wireless networks if they change their session password because they'll have to remove the "default" keyring and create another with the good password, and type again ALL wireless network keys in order to get connected to their protected wireless networks. Or else the user can type is old password each time he wants to connect on a wireless networks, but that's very bad because lamda users won't know what to do when gnome-keyring will ask them for a password they don't know.

A fix for this bug should be to update users-admin tool to also change the password for the default keyring when the user change his session password. This fix would probably not work is the user changes his password with another tool than users-admin

Another fix would be to find a way to make gnome-keyring use current user password for the special "default" keyring and not in his own keyring passwords. I think that this fix should work under every circumstances if that fix is possible.



Steps to reproduce:
1. Take a laptop that can connect to WEP/WPA wifi networks with a clean Linux Ubuntu Gutsy install on it
2. Connect to a WEP or WPA protected network and type the key to access the network
3. The key for the network is saved in the "default" keyring and Ubuntu won't ask you again to access this network
4. Change you user password in System / Administration / Users and Groups
5. Reboot your computer and login again, ubuntu should now ask you for a password to unlock the "default" keyring which still uses your old session password.

Actual results:
A window appears and ask for the password to unlock keyring named "default" which still use the old user password.

Expected results:
This window should not appear and the default keyring should still be unlocked automatically, even if the user changed is user password.

Does this happen every time?
Yes

Other information:
Comment 1 Teppo Turtiainen 2007-12-28 21:47:42 UTC 
Thanks for the bug report. This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find.


*** This bug has been marked as a duplicate of 338088 ***
Comment 2 Oxmosys 2007-12-28 22:35:15 UTC 
Thanks for your comment. Unless I'm wrong, this bug will need bug #338088 to be fixed first but it's not a duplicate of bug #338088, isn't it? Same if there's a way to change the password for the default keyring, it doesn't change it automatically to be the same as the current user session, and that's what I was talking about with that bug report.

(In reply to comment #1)
> Thanks for the bug report. This particular bug has already been reported into
> our bug tracking system, but please feel free to report any further bugs you
> find.
> 
> 
> *** This bug has been marked as a duplicate of 338088 ***
>
Comment 3 Tomáš Hnyk 2007-12-30 01:23:57 UTC 
I agree with Oxmosys, this is not a duplicate (for the very reasons he already said).
Comment 4 Stef Walter 2008-01-04 21:29:20 UTC 
If the user changes their login password the normal way (not by using administrative tools) then the gnome-keyring login password will be updated to match. 

Please verify this on your system. Use the command 'passwd' to change your password, or the gnome-about-me tool aka: 'About Me'. The gnome-keyring login password should be updated (your auth syslog should contain a line to that effect).

gnome-system-tools (which users-admin is a component of) does not use the proper unix commands (and PAM) to update the user's password. You might want to file a bug against gnome-system-tools about that issue.
Comment 5 Oxmosys 2008-01-04 23:12:28 UTC 
Thanks for these informations.

I tested what you said and the problem is still there, so I believe that gnome-keyring is still a part of this bug. I have a laptop connected over a WPA wireless network, the network key is stored in the default keyring and the user password is banana. What I did :

1. I type passwd and changed my password to banana4
2. I logout
3. I open a new session for the same user with the new password ( banana4 )
4. I try to connect to my wireless network using nm-applet.

Result : gnome-keyring ask me to unlock the default keyring. The default keyring still has the "banana" password, while it should now be "banana4"

 Tested on ubuntu Hardy alpha 2, gnome-keyring 2.20-0ubuntu4, nm-applet 0.6.5-0ubuntu16.7.10.0
Comment 6 Stef Walter 2008-01-11 16:12:29 UTC 
Could you post the contents of your /etc/pam.d/passwd file? Also could you look through your syslog auth log (usually /var/log/auth.log) for any keyring messages:

grep gkr /var/log/auth.log

Thanks.
Comment 7 Oxmosys 2008-01-12 07:43:38 UTC 
Created attachment 102650 [details]
/var/log/auth.log file
Comment 8 Oxmosys 2008-01-12 07:44:13 UTC 
Created attachment 102651 [details]
dmesg output
Comment 9 Oxmosys 2008-01-12 07:45:05 UTC 
Created attachment 102652 [details]
/etc/pam.d/passwd file
Comment 10 Oxmosys 2008-01-12 07:47:37 UTC 
I hope that it gives relevant information. This bug can be reproduced on any laptop under ubuntu gutsy / hardy.
Comment 11 Stef Walter 2008-01-12 14:20:02 UTC 
Ubuntu does not add gnome-keyring to the /etc/pam.d/passwd file (or common-password), as outlined here: 

http://live.gnome.org/GnomeKeyring/Pam

In order to get this fixed, you could file a bug with Ubuntu asking to enable this functionality by including gnome-keyring in the /etc/pam.d/passwd file.
Comment 12 Oxmosys 2008-01-13 06:18:13 UTC 
Thanks for this information. I'll look at this. So far I did everything that is described in http://live.gnome.org/GnomeKeyring/Pam except the compilation part, I'll look deeper around that problem with ubuntu developpers.
Comment 13 komputes 2009-11-21 16:51:31 UTC 
I can confirm this is still happening on gnome-keyring 2.28.1 (Karmic). It seems that there has not been much progress on this bug and it still affects many users. Could the status of this bug be changed so that it gets seen again. 

I may be incorrect, but from what I understand, shouldn't it be a case of:

-Unlocking the keyring
-Taking the passwords and rewrapping them with a new keyring password (perhaps in a new keyring?)

Currently, changing a user password does not automatically prompt for the keyring password. Is it technically possible to *manually* change a keyring password? If so, how would one accomplish this task?
Comment 14 Milan Bouchet-Valat 2009-11-21 20:00:02 UTC 
Apparently the problem reported above is not with gnome-keyring but with passwd/gnome-about-me not working. So this bug seems to be fixed indeed.