GNOME Bugzilla – Bug 619209
Gnome keyring doesn't work when login is without a password
Last modified: 2010-06-15 10:57:22 UTC
Hi,
I'm using Ubuntu Lucid, and I'm trying to use the password-less login option. My user is in the nopasswdlogin, and in gdm it works fine, but then when I login, I get 5 copies of gnome-keyring-daemon running (4 with --daemonize --login, and one with only --daemonize), and I can't get any program to communicate with the keyring daemon. For example seahorse complains that it cannot communicate with the keyring daemon. When I turn password-less login off, everything works fine.
In /var/log/auth.log I get the following lines when I login:
    May 20 19:28:07 mrblack gnome-keyring-daemon[22168]: couldn't connect to dbus session bus: /bin/dbus-launch terminated abnormally with the following error: No protocol specified#012Autolaunch error: X11 initialization failed.
    May 20 19:28:07 mrblack gnome-keyring-daemon[22168]: gkd_dbus_secrets_startup: assertion `dbus_conn' failed
    May 20 19:28:08 mrblack gnome-keyring-daemon[22168]: The SSH agent was already initialized
    May 20 19:28:08 mrblack gnome-keyring-daemon[22168]: gkd_dbus_secrets_startup: assertion `dbus_conn' failed
I think this bug is related to Ubuntu's bug https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/573387
Thanks,
Haggai
Confirmed, but the Ubuntu bug you link above is not related IMO, see rather https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/583428.
The problem is that gnome-keyring-daemon is hanging on login because with the --login option, it's waiting for the password to be passed by PAM via stdin, which never happens. While it's in this state, it won't answer D-Bus messages, and will also prevent new instances of the keyring from owning the D-Bus name for apps to communicate with them. (Code is in read_login_password(): http://git.gnome.org/browse/gnome-keyring/tree/daemon/gkd-main.c#n390)
For reference, the password-less login option used by users-admin is working by adding the line
> auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
to /etc/pam.d/gdm, which explains why g-k-d is confused.
This bug is hard to solve somewhere else than in gnome-keyring-daemon itself, since we need to use the same /etc/pam.d/gdm file for logins with and without password. So the solution would be that g-k-d detects no password is going to be passed. Not sure how PAM works in that regard...
So the problem seems to be in the PAM module, which is supposed to start the daemon without the --login option if no password is passed. There's code to check that password is not NULL, so the problem must be in pam_sm_authenticate(), which gets the password from PAM:
(from http://git.gnome.org/browse/gnome-keyring/tree/pam/gkr-pam-module.c#n829)
    /* Look up the password */
    ret = pam_get_item (ph, PAM_AUTHTOK, (const void**)&password);
    if (ret != PAM_SUCCESS || password == NULL) {
        if (ret == PAM_SUCCESS)
            syslog (GKR_LOG_WARN, "gkr-pam: no password is available for user");
        else
            syslog (GKR_LOG_WARN, "gkr-pam: no password is available for user: %s",
                    pam_strerror (ph, ret));
        return PAM_SUCCESS;
    }
Anyway, the code path is weird here, since we return if password is NULL. So checking later whether it's NULL makes no sense...
PAM documentation says item value will be NULL if not present, so this should work: http://www.opengroup.org/onlinepubs/008329799/pam_get_item.htm
One would need to check whether password is actually NULL in our case. It's possible that password is a pointer to a NULL char, which is not detected. In that case, changing the check above to:
    if (ret != PAM_SUCCESS || password == NULL || strlen(password) == 0) {
would work.
Stef, any ideas?
Forget this, actually the --login option is not passed when logging without password, I was wrong. Could you check which of the instances you see is printing the log messages? You have the PID in the message ([22168]), to compare with the result of 'ps ax | grep gnome-keyring-daemon'. It may simply reflect that the subsequent attempts to start the daemon are failing, so not the cause of the problem.
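An added example, not part of the original thread or of gnome-keyring: one way to script the comparison asked for above, matching the PIDs that appear in auth.log against a `ps ax` listing. The function names, the `ps` listing, and PID 22201 with its log line are constructed for illustration; only the four lines from PID 22168 come from the report.

```shell
# The four log lines quoted in the report (PID 22168) plus one constructed
# line from a constructed PID (22201) standing in for a failed start attempt.
sample_auth_log() {
cat <<'EOF'
May 20 19:28:07 mrblack gnome-keyring-daemon[22168]: couldn't connect to dbus session bus: /bin/dbus-launch terminated abnormally with the following error: No protocol specified#012Autolaunch error: X11 initialization failed.
May 20 19:28:07 mrblack gnome-keyring-daemon[22168]: gkd_dbus_secrets_startup: assertion `dbus_conn' failed
May 20 19:28:08 mrblack gnome-keyring-daemon[22168]: The SSH agent was already initialized
May 20 19:28:08 mrblack gnome-keyring-daemon[22168]: gkd_dbus_secrets_startup: assertion `dbus_conn' failed
May 20 19:28:09 mrblack gnome-keyring-daemon[22201]: gkd_dbus_secrets_startup: assertion `dbus_conn' failed
EOF
}
# Constructed `ps ax` listing; the report does not show the arguments of PID 22168.
sample_ps() {
cat <<'EOF'
  PID TTY      STAT   TIME COMMAND
22168 ?        Sl     0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
22190 ?        Sl     0:00 /usr/bin/gnome-keyring-daemon --daemonize
22300 pts/0    S+     0:00 grep gnome-keyring-daemon
EOF
}
# Usage: ps ax | correlate /var/log/auth.log
# Prints "PID MESSAGES running|exited COMMAND" for every PID that logged.
correlate() {
    awk '
        FILENAME == ARGV[1] {
            # syslog tag is "gnome-keyring-daemon[PID]:", 21 characters precede the PID
            if (match($0, /gnome-keyring-daemon\[[0-9]+\]:/))
                count[substr($0, RSTART + 21, RLENGTH - 23)]++
            next
        }
        $5 ~ /gnome-keyring-daemon$/ {
            # ps ax columns: PID TTY STAT TIME COMMAND; the grep line has "grep" in $5
            cmd = $5
            for (i = 6; i <= NF; i++) cmd = cmd " " $i
            running[$1] = cmd
        }
        END {
            for (pid in count)
                printf "%s %d %s\n", pid, count[pid], ((pid in running) ? "running " running[pid] : "exited -")
        }
    ' "$1" - | sort -n
}
demo() {
    log=$(mktemp) || return 1
    sample_auth_log > "$log"
    sample_ps | correlate "$log"
    rm -f "$log"
}
demo
```

A PID reported as `exited` logged its errors and is gone, which is the "subsequent attempts to start the daemon are failing" case; a PID reported as `running` shows the arguments that instance was started with.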
Created attachment 161695
Possible fix
I think this patch could fix the problem. Does it fix it for you guys?
Hi, I tried this patch, and now I see only one instance of g-k-d running, but I still cannot communicate with it over dbus. It still prints the 'couldn't connect to dbus session bus' errors in auth.log.
What does the gnome-keyring-daemon line look like in your ps output?
It looks like:
> haggai 30849 0.0 0.0 70680 2204 ? Sl 18:59 0:00 /usr/bin/gnome-keyring-daemon --daemonize
It looks like although you built the patch, you didn't install the resulting gnome-keyring build onto your system, or not in the right places. Which arguments did you run configure with? On my system (Ubuntu) I have to do the following:
    $ sh autogen.sh --with-root-certs=/etc/ssl/certs/ --with-pam-dir=/lib/security/ --prefix=/usr --sysconfdir=/etc --enable-tests --enable-gtk-doc
    $ make
    $ sudo make install
I tried the patch with the Ubuntu package. It uses the following configure arguments:
    ./configure --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --libexecdir=${prefix}/lib/gnome-keyring --disable-maintainer-mode --disable-dependency-tracking --disable-silent-rules --srcdir=. --enable-static --with-pam-dir=/lib/security --with-root-certs=/etc/ssl/certs
I built it as a package using dpkg-buildpackage and installed it with dpkg. Perhaps this patch depends on other patches from trunk that are not available in the Ubuntu version?
Patch works for me using Ubuntu packages. Nice! Any chance we get the fix in 2.30.2 Monday? ;-) Haggai: Maybe you have only installed the new gnome-keyring, and not libpam-gnome-keyring? Just guessing.
Yes, you're right (I'm embarrassed...) It works fine after installing libpam-gnome-keyring. Thanks!
Committed fix similar to this patch and touching a few more corner cases:
commit 28f19c9b4cdc2fa3cfc0aa25f34760aee3c3c802
Author: Stef Walter <stef@memberwebs.com>
Date: Sun May 23 16:19:39 2010 +0000
    Fix broken startup when used with gdm and password-less login.
    Fixes bug #611002
Milan, the 2.30.2 release isn't until June. However this will be included in that release for sure.
Hey, sorry for the newb question, but how exactly do I try this patch to see if it works for me? I'm on Arch by the way! :D
Not sure, you have to grab the source package used by your distribution, and be able to build and install it. When you succeed at this, just apply the patch to the source tree by issuing something like:
    patch -p1 < PATH_TO_PATCH
and building the package again. I'm sure you'll find tutorials on the net, but I don't know how Arch works in that regard.
I'll probably just wait till the release comes out :) I'll make sure the Arch devs put it out as soon as possible :D
*** Bug 621618 has been marked as a duplicate of this bug. ***
alrighty!