2009-12-10 00:23

When you have enabled automatic login under Gnome/Ubuntu, the window asking your password to unlock the keyring at startup is very annoying ! Network-manager needs it to be able to use the Wifi keys.

If your keyring password is the same as your login password, the keyring is unlocked automatically when you type in your password to log in. This is not possible with autologin.

A solution is to put an empty keyring password. This is bad for security of all your passwords.

The best solution would be to store the wifi keys in the default keyring, and to store all the other passwords in another keyring. Maybe I didn’t check correctly, but from what I seen most applications only use the default keyring.

Average solution: put a “foo” password to the default keyring, unlocked at Gnome startup by a script. This is better than an empty password.

Here is my solution:

We change the default keyring password:

  1. Go in Applications > Accessories > Passwords and encryption keys (don’t loose 2 hours like me looking for it in System > Preferences, where it should be)
  2. Right click on the default keyring > Change password

We then create the python script with the following code:

vi ~/.lordiam.py
#!/usr/bin/python
import gnomekeyring
#gnomekeyring.lock_sync(None);
gnomekeyring.unlock_sync(None, 'mypassword');

We prevent other user from reading the file:

chmod 700 ~/.lordiam.py

We test it. Expect 0 as return code (the warning is normal):

~/.lordiam.py
echo $?

Now, we add the script at startup in System > Preferences > Startup Applications:

Command: /home/USER/.lordiam.py

Finally, we reboot the PC to test the whole thing.

Notes:

  • The fact that the script is called before network-manager start is a chance. I didn’t found how to put a priority on it in the Gnome startup programs.
  • What is the ‘login’ keyring for ? From what I understand, it is for storing passwords which will be forgotten at session end.
  • For the script, we choose a common name, less remarkable than unlock_keyring.py. We also put the script as hidden file. It is better than nothing.

References:

  • apt-get source libpam-gnome-keyring
  • apt-get source python-gnomekeyring
2009-12-10 00:23 · Tags: , , ,

2 Comments

  1. daniel apostolov

    a nice solution for setting autoruns order is to collect all dependent autoruns in a single bash script in the required order, set it as an autorun and disable the separate autoruns from the “startup applications” applet. here is my version:

    #! /bin/sh
    /usr/bin/gnome-keyring-daemon –start –components=pkcs11
    /usr/bin/gnome-keyring-daemon –start –components=gpg
    /usr/bin/gnome-keyring-daemon –start –components=secrets
    /usr/bin/gnome-keyring-daemon –start –components=ssh
    /home/daniel/.lordiam.py

    thank you for this article :)

    Reply

  2. Right!
    Thanks for the tip.

    Reply

Leave a Reply to hitier Cancel reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>