Re: gnome-keyring password change

From: Adam Schreiber <sadam gnome org>
To: Natxo Asenjo <natxo asenjo gmail com>
Cc: seahorse-list gnome org, gnome-keyring-list gnome org
Subject: Re: gnome-keyring password change
Date: Fri, 23 Jul 2010 08:22:21 -0400

You're correct and so is Stef.  I was wrong.

Adam

On Fri, Jul 23, 2010 at 2:04 AM, Natxo Asenjo <natxo asenjo gmail com> wrote:
> On Thu, Jul 22, 2010 at 10:38 PM, Adam Schreiber <sadam gnome org> wrote:
>
> thanks for your answer.
>
>> On Thu, Jul 22, 2010 at 4:29 PM, Natxo Asenjo <natxo asenjo gmail com> wrote:
>>> hi,
>>>
>>> maybe a stupid question, but is it possible to synchronize the login
>>> system password with the seahorse keyring password?
>>
>> Unfortunately not.  When you change your password with passwd, there's
>> no trigger for PAM to tell gnome-keyring to decrypt and then
>> re-encrypt your keyring.  PAM also doesn't pass through the new
>> password or the old one.
>
> I am a bit confused, I must say. In
> http://live.gnome.org/GnomeKeyring/Pam, section 'How it works', on the
> fourth point it says:
>
> "
> When the user changes their password, the PAM module changes the
> password of the 'login' keyring to match.
>
>    * Again, here gnome-keyring-daemon is started if necessary.
>    * If root changes the password, or /etc/shadow is directly edited
> then due to the lack of the old password, the 'login' keyring cannot
> be updated.
> "
>
> So this should work, should it not? In my case I used the root
> account, so that explains why it did not work. I am testing now ...
>
>
>>> The reason I ask is of course because everytime I need to change my
>>> password because of company policy, I need to remember to change it in
>>> seahorse as well. It is not really "user friendly" (I am thinking like
>>> a user here, I am a sysadmin: if we were using linux more widely in
>>> our desktops this stuff would give our helpdesk lots of troubles, I
>>> can assure you).
>>
>> That's true.  I'm not sure that the server/thin client or corporate
>> cases fall under gnome-keyring's philosophy. [1]  If you know of a way
>> forward, let us know.
>
> If it works like it is described in
> http://live.gnome.org/GnomeKeyring/Pam I have nothing to complain
> about.
>
> --
> natxo
> _______________________________________________
> seahorse-list mailing list
> seahorse-list gnome org
> http://mail.gnome.org/mailman/listinfo/seahorse-list
>

References:
- Re: gnome-keyring password change
  - From: Adam Schreiber
- Re: gnome-keyring password change
  - From: Natxo Asenjo

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]