Date:      Thu, 17 Jul 2008 14:11:42 -0400
From:      Joe Marcus Clarke <marcus@marcuscom.com>
To:        Marcin Wisnicki <mwisnicki+freebsd@gmail.com>
Cc:        freebsd-gnome@freebsd.org
Subject:   Re: [RFC] Getting GnomeKeyring + PAM to work out of the box
Message-ID:  <1216318302.41822.42.camel@shumai.marcuscom.com>
In-Reply-To: <g5o1cc$9lk$1@ger.gmane.org>
References:  <g5o1cc$9lk$1@ger.gmane.org>

On Thu, 2008-07-17 at 18:00 +0000, Marcin Wisnicki wrote:
> An increasing number of Gnome and third-party applications are using
> GnomeKeyring for their key/password storage needs.
>
> Currently this means that after every login one has to enter the key for
> every keyring (usually just 1).
> Most Linux distributions automate this with the help of the pam_keyring module.
> This system is well described here: http://live.gnome.org/GnomeKeyring/Pam
>
> Fortunately all necessary ingredients are already present in the system,
> they just need proper configuration.
>
> For this to work in a plug-and-play manner I propose the following changes:
>
> 1. Move /etc/pam.d/gdm from base system to x11/gdm port
> 2. Add KEYRING option (enabled by default) to x11/gdm that:
>    (1)  Adds runtime dependency on security/gnome-keyring
>    (2)  Appends/uncomments pam_keyring lines in pam.d/gdm so it looks like
>         this (maybe it makes more sense to just "include system" ?):
>
> === gdm.in (to be installed as /usr/local/etc/pam.d/gdm) ===
> auth     required  pam_unix.so   no_warn try_first_pass
> auth     optional  %%LOCALBASE%%/lib/security/pam_gnome_keyring.so
>
> account  required  pam_nologin.so
> account  required  pam_unix.so
>
> session  required  pam_permit.so
> session  optional  %%LOCALBASE%%/lib/security/pam_gnome_keyring.so  auto_start
> === 8< ===
>
> I can provide patches if gnome@ agrees to the changes.

Yeah, please do.

Joe

-- 
PGP Key : http://www.marcuscom.com/pgp.asc
