Howto: Get Network Manager to stop asking you for your keyring password (pam_keyring)

[Kawayanan]

Howto: Get Network Manager to stop asking you for your keyring password


I am by no means an expert on PAM (Pluggable Authentication Module) or pam_keyring so I wanted to start by acknowleging where I got my info:

Mike Petullo - first wrote the pam_keyring module
Jonathan Nettleton - current maintainer of pam_keyring and added code to allow this module to work with the older PAM included with Ubuntu
s31523 and Buell (from these forums) - for posting the topic and comment that helped me get this working.

After I got my wireless working in 6.06 using Network Manager I was very happy, but it would be nice not to have to enter the keyring password after logging in. Luckily, there is a PAM module pam_keyring that will automatically unlock your gnome keyring when you login. You can find pam_keyring and more info here. Pam_keyring is not currently an available package for Ubuntu, but you can get it installed pretty easily on 6.06. For this to work, your login password and your keyring password must be the same. If the two passwords are not the same, there are a few possibilities. (See below)**

Pam_keyring requires the following packages (I think they are installed by default in 6.06):
gnome-keyring >= 0.4.8
gnome-session >= 2.10
pam >= 0.77

Since you will need to compile pam_keyring from source, you will also need some development packages. Here are the additional packages that I needed to install (were not installed by default in 6.06):

build-essential
libtool
libglib2.0-dev
libgnome-keyring-dev
libpam0g-dev

You can install these packages using Synaptic. Then download pam_keyring-0.0.8.tar.gz. Open a terminal window, find the downloaded tarball and do the following at the command line:

Code:

tar -xvvzf pam_keyring-0.0.8.tar.gz

Code:

cd pam_keyring-0.0.8

Code:

./configure --prefix=/usr --libdir=/lib

- hopefully you get no errors here. If you do, most likely you are missing a needed package.

Code:

make

Code:

sudo make install

- this should ask you for your password

Now, you will need to edit one file. I use vi, but if you are more comfortable with a graphical editor you can enter the following:

Code:

sudo gedit /etc/pam.d/gdm

add the following two lines to the end of the file:

Code:

auth optional pam_keyring.so try_first_pass
session optional pam_keyring.so

Now you can reboot and it should not ask you for your keyring password to log onto your encrypted wireless network.

Hope this works for everyone.

Kawayanan


** If your login password and your keyring password are not the same, you have to fix this and there are a couple of possible ways. Unfortuantely, there isn't a good way to change your keyring password, and you will need to work around this.

1) Change you login password to match your keyring password

2) You may be able to remove the keyring entirely and create a new one. See this page for info. I haven't tried this, but howfully the next time Network Manager tries to logon to your encrypted wireless network it would ask you for the encryption key again and create a new keyring (use your logon password this time). Someone should post if they do whis to confirm this works.

3) If you are feeling really brave, Jonathan Nettleton (who maintains pam_keyring) has submitted a patch to the gnome-keyring that allows you to change the keyring password. It has not been excepted yet, but he has provided patched cvs downloads that people can test. He has more info and the downloads here. Hopefull in the future, we will all be able to easily change our keyring passwords. Thanks Jonathan Nettleton.

[KillerKiwi]

A "checkinstall" might be better than "sudo make install", im trying this as soon as I get home.

[Chrissss]

Ah, thanks! NOW you actually can work with gnome-keyring

[kleeman]

Did not work for me. I had to delete my old keyring using keyring manager in order to get passwords to match so maybe this is the issue

[?????]

It works! Thanks for the howto.

[yopnono]

Made a .DEB for those that are little lazy But you still need to add this to the GDM file.

cd /etc/pam.d
sudo gedit gdm

Code:

## Added so that NetworkManager doesn't keep asking for Keyring password.
## relies on having same password to keyring as login password. 
auth optional pam_keyring.so try_first_pass 
session optional pam_keyring.so

[horace]

Thanks for the .deb (and the howto) - installed and working for me too. That's another little annoyance crossed off the list (on my wife's laptop, so it needs to be kept simple ....)

[rmjb]

Okay I tried this hoping nautilus wouldn't ask me for the keyring password when accessing my samba shares, but that didn't work, how do I uninstall pam_keyring?

- rmjb

[rmjb]

Okay, I was lazy and I didn't reboot to test this initially, now that I've rebooted it works.

- rmjb

[mrojas73]

Kawayanan; Thank you very much. This worked like a charm for me on my Presario V2000, it's nice not having to enter the password everytime I reboot.

Good work!