[RFC] Getting GnomeKeyring + PAM to work out of the box
Joe Marcus Clarke
marcus at marcuscom.com
Thu Jul 17 18:11:24 UTC 2008
On Thu, 2008-07-17 at 18:00 +0000, Marcin Wisnicki wrote:
> An increasing number of Gnome and third-party applications are using
> GnomeKeyring for their key/password storage needs.
>
> Currently this means that after every login one has to enter the key for
> every keyring (usually just 1).
> Most Linux distributions automate this with the help of the pam_keyring module.
> This system is well described here: http://live.gnome.org/GnomeKeyring/Pam
>
> Fortunately all necessary ingredients are already present in the system,
> they just need proper configuration.
>
> For this to work in a plug-and-play manner I propose the following changes:
>
> 1. Move /etc/pam.d/gdm from base system to x11/gdm port
> 2. Add KEYRING option (enabled by default) to x11/gdm that:
> (1) Adds runtime dependency on security/gnome-keyring
> (2) Appends/uncomments pam_keyring lines in pam.d/gdm so it looks like
> this (maybe it makes more sense to just "include system" ?):
>
> === gdm.in (to be installed as /usr/local/etc/pam.d/gdm) ===
> auth required pam_unix.so no_warn try_first_pass
> auth optional %%LOCALBASE%%/lib/security/pam_gnome_keyring.so
>
> account required pam_nologin.so
> account required pam_unix.so
>
> session required pam_permit.so
> session optional %%LOCALBASE%%/lib/security/pam_gnome_keyring.so auto_start
> === 8< ===
>
> I can provide patches if gnome@ agrees to the changes.
Yeah, please do.
Joe
--
PGP Key : http://www.marcuscom.com/pgp.asc
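
An added example, not part of the original messages or of any FreeBSD port: a Python check that a PAM service file follows the layout quoted above (keyring module in auth after pam_unix.so, in session with auto_start, both optional). The sample files are constructed; PROPOSED copies the auth and session lines of the quoted gdm.in.

```python
import re

KEYRING = "pam_gnome_keyring.so"
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return (facility, control, module basename, args) for each rule line."""
    rules = []
    for raw in text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())  # strip comments first
        if m:
            fac, control, module, args = m.groups()
            rules.append((fac, control, module.rsplit("/", 1)[-1], args.split()))
    return rules

def check_keyring(text):
    """List deviations from the layout in the quoted proposal; [] means none."""
    rules, findings = parse_pam(text), []
    auth = [r[2] for r in rules if r[0] == "auth"]
    sess = [r for r in rules if r[0] == "session" and r[2] == KEYRING]
    if KEYRING not in auth:
        findings.append("auth: keyring module missing")
    elif "pam_unix.so" in auth and auth.index(KEYRING) < auth.index("pam_unix.so"):
        findings.append("auth: keyring module listed before pam_unix.so")
    if not sess:
        findings.append("session: keyring module missing")
    elif not any("auto_start" in r[3] for r in sess):
        findings.append("session: auto_start not set")
    for fac, control, module, _ in rules:
        # 'optional' keeps a keyring failure from blocking the login itself
        if module == KEYRING and control != "optional":
            findings.append(f"{fac}: control is {control!r}, not optional")
    return findings

# Constructed samples: PROPOSED follows the quoted gdm.in, BROKEN is made up.
PROPOSED = """\
auth required pam_unix.so no_warn try_first_pass
auth optional %%LOCALBASE%%/lib/security/pam_gnome_keyring.so
session required pam_permit.so
session optional %%LOCALBASE%%/lib/security/pam_gnome_keyring.so auto_start
"""
BROKEN = """\
auth required /usr/local/lib/security/pam_gnome_keyring.so
auth required pam_unix.so no_warn try_first_pass
session required pam_permit.so
#session optional /usr/local/lib/security/pam_gnome_keyring.so auto_start
"""

if __name__ == "__main__":
    print({"proposed": check_keyring(PROPOSED), "broken": check_keyring(BROKEN)})
```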