Results 1 to 10 of 10

Thread: Passwords and Keyrings

  1. #1
    Join Date
    Oct 2009
    Location
    South Africa
    Beans
    30
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Passwords and Keyrings

    Since i can remember, the Default Keyring bug has existed in Ubuntu popping up every time the network manager wants to connect to my wireless network. The only way to get around this bug is to remove the password for the default keyring which therefore exposes all you passwords to any one who knows where to look. This is a major security issue that i've overlooked for far too long.

    Now for the first time since i started using Ubuntu i need change my password. I went to "Users and Groups" and changed the password and got a comforting "Your password has been changed" message. I would normally carry on with my tasks and forget about it but because of the Default Keyring bug i thought i'd better make sure things are as they should be. I logged out and attempted to log back in with my new password.

    No luck, the new password is sternly denied and the old password is accepted. Unbelievable, Linux security is something i've often boasted about but the truth is the security in Ubuntu is in a shocking state and has been this way for years. This is not acceptable.
    TheOpenTangent
    Open Standards • Open Source • Open Media • Open Mind

  2. #2
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    5,842
    Distro
    Xubuntu 15.04 Vivid Vervet

    Re: Passwords and Keyrings

    I see no reason why the keyring password should match the login password. In fact, I think to tie them together would be silly. The keyring should be able to have its own password (and you have discovered that it can). I believe the keyring password can be changed in the keyrings configuration utility.

    Asking for your keyring password every time it wants to connect to wireless gets on my nerves too. It was one of the reasons I started using wicd instead. The other reasons were for better reliability (although NM has got better), and wanting wireless to work even when nobody is logged into the GUI.

  3. #3
    Join Date
    Oct 2009
    Location
    South Africa
    Beans
    30
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Passwords and Keyrings

    I do agree that the keyring password should be able to be separate from your user password but i feel that by default it should be unlocked when you log in unless you explicitly tell it to ask every time.

    As for changing of the user password; i got it right by running "Users and Groups" as super user:
    Code:
    sudo users-admin
    I think this could be considered a papercut.
    TheOpenTangent
    Open Standards • Open Source • Open Media • Open Mind

  4. #4
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    5,842
    Distro
    Xubuntu 15.04 Vivid Vervet

    Re: Passwords and Keyrings

    Quote Originally Posted by OpenTangent View Post
    I do agree that the keyring password should be able to be separate from your user password but i feel that by default it should be unlocked when you log in unless you explicitly tell it to ask every time.
    I thought (could be wrong) that if the passwords matched then the keyring was automatically unlocked as part of the login process.

    As far as I can tell, your complaint boils down to the fact that changing the login password didn't also chang the keyring password. That's an interesting proposition. Maybe it should, if the passwords happen to match in the first place. But I do see problems;

    What if root (or some other admin user acting as root) changes your password with the users and groups dialog. Should the keyring password change then?

    Should the Gnome users and passwords GUI widget change the KDE kwallet password?

    And if the password is changed by command line (passwd command or by root using the "passwd <username>" command directly? Should the non-gui commands try to find out if the user has a seahorse/kwallet/other-desktop password protected keyring/wallet/whatever and change the password then?

    I'm not saying it can't be done, but I think it's not as simple as you think.
    Last edited by The Cog; March 28th, 2010 at 04:26 PM.

  5. #5
    Join Date
    Mar 2007
    Location
    Oslo, Norway
    Beans
    24
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Passwords and Keyrings

    Quote Originally Posted by The Cog View Post
    I thought (could be wrong) that if the passwords matched then the keyring was automatically unlocked as part of the login process.
    That is correct.

    The only complaint I have is that changing the default gnome keyring password is not intuitive. Had to click a little bit around before I actually found out to right click on the "Passwords: login" folder in the Passwords tab in Seahorse.

    I definitely agree that there should not be anything automatic between the 'passwd' command and the Seahorse GUI. Login passwords are not the same as keyring encryption passwords or passphrases.

    My two cents.

  6. #6
    Join Date
    Oct 2009
    Location
    South Africa
    Beans
    30
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Passwords and Keyrings

    Just to post an update here, I just tested on Ubuntu 10.04 and Default keyring still does not automatically unlock (matching login password). I will therefore continue to use a blank password for my default keyring. At least seven Ubuntu releases have gone out with this bug.
    TheOpenTangent
    Open Standards • Open Source • Open Media • Open Mind

  7. #7
    Join Date
    Oct 2006
    Beans
    4,624
    Distro
    Kubuntu 15.04 Vivid Vervet

    Re: Passwords and Keyrings

    There should be an option if you expand the Details part of the password dialog that says automatically unlock the keyring when I log in, or something like that.
    Blog | Ubuntu User #15350 | Zsh FTW | Ubuntu Security | Nothing to hide?
    AMD Phenom II X6 1075T @ 3GHz, Nvidia GTX 650, 8GB DDR3 RAM, 2 X 1TB, 1 X 3TB HDD
    Please don't request support via PM


  8. #8
    Join Date
    Oct 2009
    Location
    South Africa
    Beans
    30
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Passwords and Keyrings

    Is this maybe an issue with the auto Ubuntu login? Maybe the keyring is only unlocked if you physically type your password at login?
    TheOpenTangent
    Open Standards • Open Source • Open Media • Open Mind

  9. #9
    Join Date
    Nov 2009
    Beans
    919
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Passwords and Keyrings

    Quote Originally Posted by OpenTangent View Post
    Is this maybe an issue with the auto Ubuntu login? Maybe the keyring is only unlocked if you physically type your password at login?
    That could very well be. I've never used the auto-login and have never had a problem with the wireless network connecting or with anything else that uses the keyring. Having said that, I've not bothered to test that by implementing auto-login either.

  10. #10
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Passwords and Keyrings

    Quote Originally Posted by OpenTangent View Post
    Is this maybe an issue with the auto Ubuntu login? Maybe the keyring is only unlocked if you physically type your password at login?
    That is the issue. Auto login is considerd by most, including the Gnome and Ubuntu developers, such that autologin disables automatic decryption of your home directory and also the keyring.

    You would need to re-write the code yourself to change this behaviour and such a project would not be supported on these forums.

    You could file a bug report, but my guess is it would not be implemented.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •