GNOME Bugzilla – Bug 664268
Feature Request: Gconf Setting To Only Use "Unsafe Storage".
Last modified: 2021-06-18 10:40:57 UTC
We are requesting a gconf setting in gnome-keyring that allows a system administrator to configure it so that it uses the unsafe/default password only and makes no attempt to bring up the UI and ask users for input. We are deploying to hundreds of users and the keyring has proven to be very support intensive. Users don't know what it is, what password to enter, how it relates to their other passwords and don't know why it pops open each day. In some environments the current functionality is not desired. If there is a strong opposition to this, I have built a mockup that might have worked better. The problem with the current UI is that it doesn't clearly indicate that you have the option to store in the default keyring by leaving the second password empty.
Created attachment 201591 Mockup
Thanks for thinking about this. I agree that the users shouldn't be asked for this password. The goal of gnome-keyring is to show as few prompts as possible. We really shouldn't be showing this prompt for most users.

There are two ways to solve this:

 * If gnome-keyring is set up correctly with PAM, then a default 'login' keyring is automatically created for the user using the same password as their gdm login. This is configured for you by most distros, although I understand you may have customized your setup somewhat, so here's the docs:

   https://live.gnome.org/GnomeKeyring/Pam

 * If you'd rather have a policy of not having users' passwords stored encrypted on your network, you can prepopulate their home directory with two files:

   ~/gnome2/keyrings/default (containing the text "default")
   ~/gnome2/keyrings/default.keyring (containing the following text:)

   [keyring]
   display-name=Default
   ctime=1198027852
   mtime=1198027852
   lock-on-idle=false
   lock-after=false

If the latter option is a common pattern (eg: none of the network users' keyrings are encrypted because home directories are encrypted) then perhaps we should make a command line tool that an admin could use to automatically set up such unencrypted keyrings?
Are you interested in contributing a patch to implement this?
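The second option in the reply above (prepopulating an unencrypted default keyring), written as a small admin helper. This is an added example, not gnome-keyring code and not written by anyone in this thread; `seed_plain_keyring` and its arguments are hypothetical, the relative path `gnome2/keyrings` is used as written in the comment and can be overridden, and it assumes the script runs as the target user or against a skeleton directory that is later copied into new homes.

```shell
#!/bin/sh
# seed_plain_keyring HOME_DIR [KEYRING_SUBDIR]
# Hypothetical helper: writes the two files described in the comment above.
# Returns 0 on success, 1 if a keyring already exists, 2 on any other error.
seed_plain_keyring() {
    home=$1
    # Relative path taken as written in the thread; pass a second argument
    # if your gnome-keyring version reads keyrings from somewhere else.
    sub=${2:-gnome2/keyrings}
    dir=$home/$sub

    [ -d "$home" ] || { echo "no such directory: $home" >&2; return 2; }

    # Never replace an existing keyring: it may hold a user's stored secrets.
    if [ -e "$dir/default" ] || [ -e "$dir/default.keyring" ]; then
        echo "keyring already present in $dir, leaving it alone" >&2
        return 1
    fi

    # Secrets in this keyring are stored unencrypted, so everything created
    # here is owner-only. The subshell keeps the umask change local.
    (
        umask 077
        mkdir -p "$dir" && chmod 700 "$dir" &&
        printf '%s' default > "$dir/default" &&
        cat > "$dir/default.keyring" <<'EOF'
[keyring]
display-name=Default
ctime=1198027852
mtime=1198027852
lock-on-idle=false
lock-after=false
EOF
    ) || return 2
}
```

With this layout the only protection for stored secrets is file permissions plus whatever encryption the home directory itself has, which is the trade-off the reply describes.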
GNOME is going to shut down bugzilla.gnome.org in favor of gitlab.gnome.org. As part of that, we are mass-closing older open tickets in bugzilla.gnome.org which have not seen updates for a longer time (resources are unfortunately quite limited so not every ticket can get handled). If you can still reproduce the situation described in this ticket in a recent and supported software version, then please follow https://wiki.gnome.org/GettingInTouch/BugReportingGuidelines and create a new ticket at https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/ Thank you for your understanding and your help.