Ubuntu Forums - View Single Post - HOWTO: Get rid of the keyring requests, once and for all, for permanent!

jonlatane · 08:19 PM

Okay, I've seen lots of guides about using PAM Keyring to make nm-applet (and other keyring programs) stop asking for your password all the time. However, all of them have their problems (especially with suspend/resume) so I'd like to share my solution with everybody. This fixes the problem with suspend/resume AND makes allows you to use PAM-keyring even if you don't have the same keyring and user passwords.

NOTE: This method, from what I understand, is not considered as secure as many others. It involves keeping your user and keyring passwords in plain text files. Technically, someone else can get your passwords from this if they have access to your computer (say you leave your desk, someone comes over, knows where the hidden file is, opens it, and gets your password). However, this is honestly just a hack for convenience. You shouldn't use this if you're really deeply concerned about your data.

Install PAM Keyring package
Simply do:
Code:
```
sudo aptitude install libpam-keyring
```
Unlock Keyring when you login
Here we will create a script that will unlock your keyring as soon as you log in. In a terminal, do:
Code:
```
mkdir ~/.bin
gedit ~/.bin/pam-keyring-unlock.sh
```
You may pick a different file if you want, but I'd recommend preceding something with a "." so the file or its containing directory will be hidden.
In this file, copy and paste this:
Code:
```
#!/bin/bash
echo <PASSWORD> | /usr/lib/libpam-keyring/pam-keyring-tool --unlock --keyring=default -s
```
And replace <PASSWORD> with your default keyring password. Now run this to make it executable:
Code:
```
chmod a+x ~/.bin/pam-keyring-unlock.sh
```
After that, just go to System->Preferences->Sessions. In the "Startup Programs" tab (the default one) click "New." In the dialog, enter "PAM Keyring Configuration" for the name and /home/<USERNAME>/.bin/pam-keyring-unlock.sh for the command, replacing <USERNAME> with your username.
Unlock keyring when you resume
This step is optional, but really really useful for laptop owners and even easier than the last. Execute:
Code:
```
sudo gedit /etc/acpi/resume.d/99-pam-keyring-unlock.sh
```
In the text editing window that appears, copy and paste this:
Code:
```
#!/bin/bash
echo <USERPASSWORD> | sudo -u <USERNAME> -S echo <KEYRINGPASSWORD> | /usr/lib/libpam-keyring/pam-keyring-tool --unlock --keyring=default -s
```
And replace <USERPASSWORD> with the password you use to login, <USERNAME> with your username, and <KEYRINGPASSWORD> with your keyring password. Then do:
Code:
```
sudo chmod a+x /etc/acpi/resume.d/99-pam-keyring-unlock.sh
```
You should never be asked for a keyring password after resume again!

Hope this works for everyone, and I didn't forget anything. I can confirm that it works flawlessly on my Thinkpad T43. Please, reply with any feedback or thoughts or things I missed or any other problems.

May 3rd, 2007	#1
jonlatane First Cup of Ubuntu Join Date: Jan 2007 Beans: 11	HOWTO: Get rid of the keyring requests, including after suspend/resume and more Okay, I've seen lots of guides about using PAM Keyring to make nm-applet (and other keyring programs) stop asking for your password all the time. However, all of them have their problems (especially with suspend/resume) so I'd like to share my solution with everybody. This fixes the problem with suspend/resume AND makes allows you to use PAM-keyring even if you don't have the same keyring and user passwords. NOTE: This method, from what I understand, is not considered as secure as many others. It involves keeping your user and keyring passwords in plain text files. Technically, someone else can get your passwords from this if they have access to your computer (say you leave your desk, someone comes over, knows where the hidden file is, opens it, and gets your password). However, this is honestly just a hack for convenience. You shouldn't use this if you're really deeply concerned about your data. Install PAM Keyring package Simply do: Code: sudo aptitude install libpam-keyring Unlock Keyring when you login Here we will create a script that will unlock your keyring as soon as you log in. In a terminal, do: Code: mkdir ~/.bin gedit ~/.bin/pam-keyring-unlock.sh You may pick a different file if you want, but I'd recommend preceding something with a "." so the file or its containing directory will be hidden. In this file, copy and paste this: Code: #!/bin/bash echo <PASSWORD> \| /usr/lib/libpam-keyring/pam-keyring-tool --unlock --keyring=default -s And replace <PASSWORD> with your default keyring password. Now run this to make it executable: Code: chmod a+x ~/.bin/pam-keyring-unlock.sh After that, just go to System->Preferences->Sessions. In the "Startup Programs" tab (the default one) click "New." In the dialog, enter "PAM Keyring Configuration" for the name and /home/<USERNAME>/.bin/pam-keyring-unlock.sh for the command, replacing <USERNAME> with your username. Unlock keyring when you resume This step is optional, but really really useful for laptop owners and even easier than the last. Execute: Code: sudo gedit /etc/acpi/resume.d/99-pam-keyring-unlock.sh In the text editing window that appears, copy and paste this: Code: #!/bin/bash echo <USERPASSWORD> \| sudo -u <USERNAME> -S echo <KEYRINGPASSWORD> \| /usr/lib/libpam-keyring/pam-keyring-tool --unlock --keyring=default -s And replace <USERPASSWORD> with the password you use to login, <USERNAME> with your username, and <KEYRINGPASSWORD> with your keyring password. Then do: Code: sudo chmod a+x /etc/acpi/resume.d/99-pam-keyring-unlock.sh You should never be asked for a keyring password after resume again! Hope this works for everyone, and I didn't forget anything. I can confirm that it works flawlessly on my Thinkpad T43. Please, reply with any feedback or thoughts or things I missed or any other problems. Last edited by jonlatane; May 21st, 2007 at 08:19 PM..