Re: password change
- From: Adam Schreiber <sadam gnome org>
- To: Natxo Asenjo <natxo asenjo gmail com>
- Cc: seahorse-list gnome org, gnome-keyring-list gnome org
- Subject: Re: password change
- Date: Fri, 23 Jul 2010 08:22:21 -0400
You're correct and so is Stef. I was wrong.
On Fri, Jul 23, 2010 at 2:04 AM, Natxo Asenjo <natxo asenjo gmail com> wrote:
> On Thu, Jul 22, 2010 at 10:38 PM, Adam Schreiber <sadam gnome org> wrote:
> thanks for your answer.
>> On Thu, Jul 22, 2010 at 4:29 PM, Natxo Asenjo <natxo asenjo gmail com> wrote:
>>> maybe a stupid question, but is it possible to synchronize the login
>>> system password with the seahorse keyring password?
>> Unfortunately not. When you change your password with passwd, there's
>> no trigger for PAM to tell gnome-keyring to decrypt and then
>> re-encrypt your keyring. PAM also doesn't pass through the new
>> password or the old one.
> I am a bit confused, I must say. In
> http://live.gnome.org/GnomeKeyring/Pam, section 'How it works', on the
> fourth point it says:
> When the user changes their password, the PAM module changes the
> password of the 'login' keyring to match.
> * Again, here gnome-keyring-daemon is started if necessary.
> * If root changes the password, or /etc/shadow is directly edited
> then due to the lack of the old password, the 'login' keyring cannot
> be updated.
> So this should work, should it not? In my case I used the root
> account, so that explains why it did not work. I am testing now ...
>>> The reason I ask is of course because everytime I need to change my
>>> password because of company policy, I need to remember to change it in
>>> seahorse as well. It is not really "user friendly" (I am thinking like
>>> a user here, I am a sysadmin: if we were using linux more widely in
>>> our desktops this stuff would give our helpdesk lots of troubles, I
>>> can assure you).
>> That's true. I'm not sure that the server/thin client or corporate
>> cases fall under gnome-keyring's philosophy.  If you know of a way
>> forward, let us know.
> If it works like it is described in
> http://live.gnome.org/GnomeKeyring/Pam I have nothing to complain
> seahorse-list mailing list
> seahorse-list gnome org
] [Thread Prev