After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 769950 - Support getting automatic login password from LUKS
Support getting automatic login password from LUKS
Status: RESOLVED FIXED
Product: gdm
Classification: Core
Component: general
unspecified
Other All
: Normal normal
: ---
Assigned To: GDM maintainers
GDM maintainers
Depends on:
Blocks:
 
 
Reported: 2016-08-15 19:47 UTC by Ray Strode [halfline]
Modified: 2016-09-09 00:46 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
pam_gdm: add stub pam module (9.60 KB, patch)
2016-08-15 19:47 UTC, Ray Strode [halfline] 		committed Details | Review
pam: grab cached password from systemd and pass it on (10.35 KB, patch)
2016-08-15 19:47 UTC, Ray Strode [halfline] 		committed Details | Review
pam: grab cached password from systemd and pass it on (10.39 KB, patch)
2016-08-19 19:03 UTC, Ray Strode [halfline] 		committed Details | Review
pam_gdm: add stub pam module (9.63 KB, patch)
2016-08-19 19:04 UTC, Ray Strode [halfline] 		committed Details | Review

Description Ray Strode [halfline] 2016-08-15 19:47:05 UTC 
On single user systems, the LUKS password and the login password are often
the same. systemd helpfully puts the LUKS password into the kernel keyring
for the first few minutes following boot.  We can extract that password
and use it for automatic login situations.

This first draft does the bare minimum to make that happen.
Comment 1 Ray Strode [halfline] 2016-08-15 19:47:13 UTC 
Created attachment 333377 [details] [review]
pam_gdm: add stub pam module

It doesn't do anything yet, but it will eventually get used for
autologin purposes, and maybe other things.
Comment 2 Ray Strode [halfline] 2016-08-15 19:47:17 UTC 
Created attachment 333378 [details] [review]
pam: grab cached password from systemd and pass it on

If the user has an encrypted disk then systemd will cache the password
they type into the keyring. It makes sense to try to use this password
for automatic login purposes first, since on single user machines,
the sole user password is likely to match the disk password.

Of course if it doesn't work we'll fall back to the old way of doing
automatic login without a password (and then the user will have to
manualy enter if they need to for gnome-keyring or whatever)
Comment 3 Ray Strode [halfline] 2016-08-19 19:03:47 UTC 
The following fixes have been pushed:
31ed6f2 pam: grab cached password from systemd and pass it on
714b6af pam_gdm: add stub pam module
Comment 4 Ray Strode [halfline] 2016-08-19 19:03:57 UTC 
Created attachment 333690 [details] [review]
pam: grab cached password from systemd and pass it on

If the user has an encrypted disk then systemd will cache the password
they type into the keyring. It makes sense to try to use this password
for automatic login purposes first, since on single user machines,
the sole user password is likely to match the disk password.

Of course if it doesn't work we'll fall back to the old way of doing
automatic login without a password (and then the user will have to
manualy enter if they need to for gnome-keyring or whatever)
Comment 5 Ray Strode [halfline] 2016-08-19 19:04:02 UTC 
Created attachment 333691 [details] [review]
pam_gdm: add stub pam module

It doesn't do anything yet, but it will eventually get used for
autologin purposes, and maybe other things.
Comment 6 Ray Strode [halfline] 2016-08-30 20:38:44 UTC 
note these changes caused problems, see bug 770612
Comment 7 Michael Catanzaro 2016-09-09 00:46:39 UTC 
I didn't realize this happened. Did you propose it for the release notes? We should advertise this!