Re: gnome-keyring password change

[Natxo Asenjo <natxo asenjo gmail com>]

On Thu, Jul 22, 2010 at 10:38 PM, Adam Schreiber <sadam gnome org> wrote:

thanks for your answer.

> On Thu, Jul 22, 2010 at 4:29 PM, Natxo Asenjo <natxo asenjo gmail com> wrote:
>> hi,
>>
>> maybe a stupid question, but is it possible to synchronize the login
>> system password with the seahorse keyring password?
>
> Unfortunately not.  When you change your password with passwd, there's
> no trigger for PAM to tell gnome-keyring to decrypt and then
> re-encrypt your keyring.  PAM also doesn't pass through the new
> password or the old one.

I am a bit confused, I must say. In
http://live.gnome.org/GnomeKeyring/Pam, section 'How it works', on the
fourth point it says:

"
When the user changes their password, the PAM module changes the
password of the 'login' keyring to match.

    * Again, here gnome-keyring-daemon is started if necessary.
    * If root changes the password, or /etc/shadow is directly edited
then due to the lack of the old password, the 'login' keyring cannot
be updated.
"

So this should work, should it not? In my case I used the root
account, so that explains why it did not work. I am testing now ...


>> The reason I ask is of course because everytime I need to change my
>> password because of company policy, I need to remember to change it in
>> seahorse as well. It is not really "user friendly" (I am thinking like
>> a user here, I am a sysadmin: if we were using linux more widely in
>> our desktops this stuff would give our helpdesk lots of troubles, I
>> can assure you).
>
> That's true.  I'm not sure that the server/thin client or corporate
> cases fall under gnome-keyring's philosophy. [1]  If you know of a way
> forward, let us know.

If it works like it is described in
http://live.gnome.org/GnomeKeyring/Pam I have nothing to complain
about.

-- 
natxo