title: I hate the gnome-keyring, part due link: https://onemoretech.wordpress.com/2008/07/22/i-hate-the-gnome-keyring-part-due/ author: lembobro description: post_id: 486 created: 2008/07/22 01:31:20 created_gmt: 2008/07/22 01:31:20 comment_status: open post_name: i-hate-the-gnome-keyring-part-due status: publish post_type: post

I hate the gnome-keyring, part due

In an earlier post where I discussed the improved state of mobile computing on Linux, particularly since NetworkManager showed up as a standard part of RHEL (and by implication CentOS), I mentioned in passing my struggles with the gnome-keyring and cited a Google query for others to chase down for the details. That cavalier attitude came back to haunt me the last couple of days when I had to get wireless up and running on my new work laptop, a Lenovo T61 with the Intel iwl4965 card.

After multiple reboots and a lot of experimentation, here’s the info I should have documented the first time around.

Unless you make some modifications to the default configuration, nm-applet, the NetworkManager software, will prompt for a default gnome keyring password whenever you log in. Not that it won’t connect without one (it will), but it will keep flashing the dialog like some eerie reminder of the Windows 95 networking logon box.

To circumvent this, you need to get gnome’s security subsystem to use your gnome login credential in place of a keyring credential.

First, install pam_keyring.

Then edit /etc/pam.d/gdm and make it look like the following (if you are running SELinux, you’ll need the optional lines that are indicated in italics — leave these out if not using SELinux):

auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth required pam_env.so
auth optional pam_keyring.so try_first_pass
auth include system-auth
auth optional pam_gnome_keyring.so
account required pam_nologin.so
account include system-auth
password include system-auth
session required pam_selinux.so close
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_namespace.so
session optional pam_gnome_keyring.so auto_start
session optional pam_keyring.so

The above config comes from this thread on the Fedora Forum.

Before going off and logging in again, be sure to delete ~/.gnome2/keyrings/default.keyring from every user’s home directory, including /root. You’ll be prompted to supply any WEP or other key for any secure wireless AP you want to connect to, but only once. You won’t be prompted for a keyring manager password.

Copyright 2004-2019 Phil Lembo