Re: GNOME keyring unlocking



On 10/10/13 11:13, p10 wrote:
autologin doesn't unlock the keyring . I think I
understand more or less why that's happening

The reason is: libpam-gnome-keyring needs your password to decrypt the
keyring. Without your password, it just doesn't have enough information.

 Now my first question is - how does GDM store the password to autologin
a specific user

It doesn't. GDM (or at least, enough of GDM) is a privileged process
running as root with full capabilities, and can do whatever it has been
configured to do, including changing its uid to you without asking for a
password first.

Login processes *usually* prompt for, and check, an "ordinary password"
first - but that's not required. They can equally well use a
one-time-password scheme like OATH[1], query a fingerprint reader[2], or
just say "yes" regardless[3]. When GDM has been configured to
auto-login, its policy for that user's login is "just say yes".

when AFAIK the kernel handles user login services

The kernel doesn't handle user login services (at least, not on typical
Unix OSs like Linux and *BSD). The kernel allows processes with
appropriate capabilities[4] to become another user. That's all gdm has
to do.

    S

[1] more secure than ordinary passwords
[2] not actually very secure
[3] not at all secure
[4] approximately "running as root", although on a modern system,
    Linux capabilities (POSIX.1e draft capabilities) are also involved



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]