[RFC] Getting GnomeKeyring + PAM to work out of the box
Marcin Wisnicki
mwisnicki+freebsd at gmail.com
Thu Jul 17 18:00:59 UTC 2008
An increasing number of Gnome and third-party applications are using
GnomeKeyring for their key/password storage needs.
Currently this means that after every login one has to enter the key for
every keyring (usually just 1).
Most Linux distributions automate this with the help of the pam_keyring module.
This system is well described here: http://live.gnome.org/GnomeKeyring/Pam
Fortunately all necessary ingredients are already present in the system,
they just need proper configuration.
For this to work in a plug-and-play manner I propose the following changes:
1. Move /etc/pam.d/gdm from the base system to the x11/gdm port
2. Add a KEYRING option (enabled by default) to x11/gdm that:
   (1) Adds a runtime dependency on security/gnome-keyring
   (2) Appends/uncomments pam_keyring lines in pam.d/gdm so it looks like
       this (maybe it makes more sense to just "include system"?):
=== gdm.in (to be installed as /usr/local/etc/pam.d/gdm) ===
auth required pam_unix.so no_warn try_first_pass
auth optional %%LOCALBASE%%/lib/security/pam_gnome_keyring.so
account required pam_nologin.so
account required pam_unix.so
session required pam_permit.so
session optional %%LOCALBASE%%/lib/security/pam_gnome_keyring.so auto_start
=== 8< ===
I can provide patches if gnome@ agrees to the changes.
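
A lint for the layout proposed in the message above, as an added example that is not part of the original post or of the x11/gdm port. The function names check_gdm_pam and proposed_gdm are hypothetical, and the ordering rule (keyring auth line after pam_unix.so) simply mirrors the order shown in the post.

```shell
#!/bin/sh
# Added example: lint a pam.d service file (read from stdin) for the keyring layout above.
# check_gdm_pam and proposed_gdm are hypothetical helper names.
check_gdm_pam() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }              # skip blank lines and comments
    {
        facility = $1; control = $2; module = $3
        sub(/.*\//, "", module)                 # match on basename; path may be %%LOCALBASE%%/...
        if (facility == "auth" && module == "pam_unix.so") unix_seen = 1
        if (module != "pam_gnome_keyring.so") next
        if (control != "optional") {            # a missing keyring must never block login
            printf "FAIL: %s keyring line is \"%s\", expected optional\n", facility, control
            bad = 1
        }
        if (facility == "auth") {
            auth_seen = 1
            if (!unix_seen) { print "FAIL: auth keyring line precedes pam_unix.so"; bad = 1 }
        }
        if (facility == "session") {
            session_seen = 1; has_auto = 0
            for (i = 4; i <= NF; i++) if ($i == "auto_start") has_auto = 1
            if (!has_auto) { print "FAIL: session keyring line lacks auto_start"; bad = 1 }
        }
    }
    END {
        if (!auth_seen)    { print "FAIL: no auth pam_gnome_keyring.so line"; bad = 1 }
        if (!session_seen) { print "FAIL: no session pam_gnome_keyring.so line"; bad = 1 }
        if (!bad) print "OK"
        exit bad + 0
    }'
}

# The gdm.in template from the post, reproduced as sample input.
proposed_gdm() {
    cat <<'EOF'
auth required pam_unix.so no_warn try_first_pass
auth optional %%LOCALBASE%%/lib/security/pam_gnome_keyring.so
account required pam_nologin.so
account required pam_unix.so
session required pam_permit.so
session optional %%LOCALBASE%%/lib/security/pam_gnome_keyring.so auto_start
EOF
}

proposed_gdm | check_gdm_pam
```

On an installed system the same check runs as `check_gdm_pam < /usr/local/etc/pam.d/gdm`, the install path named in the post.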