GNOME Bugzilla – Bug 483288
cannot load keyrings when using a ? (question mark) password and pam-mount
Last modified: 2008-04-10 08:50:43 UTC
versions: ii gnome-keyring 2.20-0ubuntu1 ii gnome-keyring-manager 2.20.0-0ubuntu2 ii libgnome-keyring0 2.20-0ubuntu1 ii libpam-gnome-keyring 2.20-0ubuntu1 The applet cannot create persistent keyrings (and as a result network manager always prompts to create one at logon). If I open gnome-keyring-manager it shows only session keyring, if I manually try to create another keyring (such as 'session' or 'login') it first lists it in keyrings list however when I click on the keyring a window pops up saying "no such keyring". If I run gnome-keyring-manager through the shell this problem is reported as "(gnome-keyring-manager:6822): Gnome-Keyring-Manager-WARNING **: Failed to get keyring info." of course when I close and restart keyring manager no keyrings other than 'session' are listed. In .gnome2/keyrings there are actually listed several keyrings: default default1.keyring default2.keyring etc, the one me or network manager applet tried to create each time I login to my WAP network, however none of them are actually recognised by the applet so that it keeps creating new ones. I tried deleting contents of .gnome2/keyrings and also tried using a new user account but no chance to get it working anyway!! PS: access to both folder keyrings and keyrings files is set to rw for the user only, no access for group and others), this is anyway the default access configuration, I changed nothing. those error messages are provided by nm-applet ** (nm-applet:24977): WARNING **: couldn't connect to daemon at $GNOME_KEYRING_SOCKET: /tmp/keyring-Zpi3Sl/socket: Connection refused ** (nm-applet:24977): WARNING **: couldn't communicate with gnome keyring daemon via dbus: The name org.gnome.keyring was not provided by any .service files ** (nm-applet:24977): WARNING **: <WARN> nmi_save_network_info(): Error saving secret for wireless network 'myhome' in keyring: 2
Thanks for taking the time to report this bug, but I think this has been fixed and will be released in GNOME 2.20.1: 2007-09-23 Stef Walter <stef@memberwebs.com> * daemon/gkr-daemon-ops.c: Add newly created keyrings to our list of loaded keyrings. Patch by Darren Kenny. Fixes bug #476644 Please reopen this bug if it doesn't fix the problem for you. *** This bug has been marked as a duplicate of 476644 ***
Thank you Stef for your reply, my report seems actually a duplicate of bug 476644. I just want to add one thing: still with (it seems patched version has not been released yet by Ubuntu team) gnome-keyring 2.20-0ubuntu4, gnome-keyring-manager 2.20.0-0ubuntu2, libgnome-keyring0 2.20-0ubuntu4 libpam-gnome-keyring 2.20-0ubuntu4 I can notice that if I kill the automatically executed process gnome-keyring-daemon aldeby 6162 0.0 0.0 29660 1952 ? SL 16:58 0:00 /usr/bin/gnome-keyring-daemon -d and then run command gnome-keyring-daemon this loads well and what's more gnome-keyring-manager starts working as expected!! unfortunately this lasts only for the session, after a reboot I have to do this trick again.
I'm sorry I have to reopen this bug but I have better focused the problem behind this misbehavior. the problem described in this bug (that is very similar to the one of bug 476644) seems caused by the interaction between gnome-keyring-daemon and libpam-mount, hence so few people who reported this bug! package versions are: ii gnome-keyring 2.20-0ubuntu4 ii gnome-keyring-manager 2.20.0-0ubuntu2 ii libgnome-keyring0 2.20-0ubuntu4 ii libpam-gnome-keyring 2.20-0ubuntu4 ii libpam-mount 0.18-4 I can say without any doubt that gnome-keyring works perfectly when files /etc/pam.d/gdm and /etc/pam.d/login do not contain the line: @include common-pammount (which I had put at the end of the file, after all other arguments) however as soon as I include or uncomment that line and reboot I get the reported problem: no keyrings are going to be loaded! as I wrote in the previous post if I kill the gnome-keyring-daemon and then start it again having pammount enabled I can bring the keyring working again. Unfortunately I should do this at every reboot. Note: I use libpam-mount in order to automatically mount my encrypted partitions upon login. Seems few linux users do this hence have experienced this problem.
Created attachment 97178 [details] my /etc/pam.d/gdm file with the string commented out
Created attachment 97179 [details] my /etc/pam.d/login file with the string commented out
Can you please give me some advice concerning which configuration files are somehow related to both pam and the gnome keyring? (files which are read by the gnome keyring and pam mount module) on a different machine with Ubuntu gutsy stable I did the same configuration as described above and pam_mount and the gnome keyring work both as expected. I guess this is because that is a clean install, however it remains that the problem on my machine still occurs. Provided that there are no conflicts between the two packages there should be a problem with the configuration files or something like that which has not been upgraded cleanly from versions previous to those included in the official release of Gutsy Gibbon 7.10. I really would like to get rid of this bug without having to do a clean install.
SOLUTION: After this bug has driven me totally crazy I finally focused out the actual cause of the described issue: use of character ? (question mark) inside the passwork. Yes that is, if you choose a password for gnome keyring containing the ? (question mark) character the keyring cannot open the keyrings any more reproducing the described misbehavior. Changing the password with one that does not contain that character solves the problem. I have not figured out if other characters are incompatible as well, however this is definitely a bug since linux does accept passwords containing ? and to auto-open the keyring at login its password must be the same to the user account one.
In order to reproduce the bug you have to: 1) have an encrypted /home partition with dm-crypt 2) have set libpam-mount to open it automatically at login (properly editing /etc/security/pam_mount.conf and then adding the '@include common-pammount' string in /etc/pam.d/gdm) 3) have either user account, dm-crypt volume and gnome-keyring all the same password (to enable auto-open both the encrypted volume and the keyring at login) 4) password which should include at least one ? (question mark) character. Tested workaround exist if either point 2) or 4) are not satisfied a) string '@include common-pammount' is not added to /etc/pam.d/gdm (because you use /etc/crypttab to mount the partition) or b) password does not have any ? (question mark) inside or c) restarting gnome-keyring-daemon after login the bug explicits itself in an gnome-keyring-daemon malfunction with gnome-keyring-manager incapable to unlock keyrings and what's more unable to even recognise existing ones. Folder $HOME/.gnome2/keyrings is being populated with an additional keyring each time gnome-keyring-manager prompts you to create a default one. Please, fix this bug since it has driven me crazy for a while, at least advise the users that no question mark can be used in its passwords!
I just used question marks in my password and it works perfectly. Can you still duplicate all of this with 2.20.1?