Date: Thu, 17 Jul 2008 14:11:42 -0400
From: Joe Marcus Clarke <marcus@marcuscom.com>
To: Marcin Wisnicki <mwisnicki+freebsd@gmail.com>
Cc: freebsd-gnome@freebsd.org
Subject: Re: [RFC] Getting GnomeKeyring + PAM to work out of the box
Message-ID: <1216318302.41822.42.camel@shumai.marcuscom.com>
In-Reply-To: <g5o1cc$9lk$1@ger.gmane.org>
References: <g5o1cc$9lk$1@ger.gmane.org>

On Thu, 2008-07-17 at 18:00 +0000, Marcin Wisnicki wrote:
> Increasing number of Gnome and third-party applications are using
> GnomeKeyring for their key/password storage needs.
>
> Currently this means that after every login one has to enter key for
> every keyring (usually just 1).
> Most Linux distributions automate this with a help of pam_keyring module.
> This system is well described here: http://live.gnome.org/GnomeKeyring/Pam
>
> Fortunately all necessary ingredients are already present in the system,
> they just need proper configuration.
>
> For this to work in a plug-and-play manner I propose following changes:
>
> 1. Move /etc/pam.d/gdm from base system to x11/gdm port
> 2. Add KEYRING option (enabled by default) to x11/gdm that:
>    (1) Adds runtime dependency on security/gnome-keyring
>    (2) Appends/uncomments pam_keyring lines in pam.d/gdm so it looks like
>        this (maybe it makes more sense to just "include system" ?):
>
> === gdm.in (to be installed as /usr/local/etc/pam.d/gdm) ===
> auth required pam_unix.so no_warn try_first_pass
> auth optional %%LOCALBASE%%/lib/security/pam_gnome_keyring.so
>
> account required pam_nologin.so
> account required pam_unix.so
>
> session required pam_permit.so
> session optional %%LOCALBASE%%/lib/security/pam_gnome_keyring.so auto_start
> === 8< ===
>
> I can provide patches if gnome@ agrees to the changes.

Yeah, please do.

Joe

-- 
PGP Key : http://www.marcuscom.com/pgp.asc
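
Added example, not part of the original message or of the FreeBSD ports tree: a small Python check that a PAM service file matches the layout of the quoted gdm.in proposal (pam_gnome_keyring.so present and `optional` in both `auth` and `session`, listed after pam_unix.so in `auth`, with `auto_start` in `session`). The function names and the expansion of %%LOCALBASE%% to /usr/local are assumptions made for the example, and `include` lines are not followed.

```python
# Constructed sample: the gdm.in stack quoted above, with %%LOCALBASE%% expanded
# to /usr/local (an assumption made for this example).
PROPOSED = """\
auth     required  pam_unix.so no_warn try_first_pass
auth     optional  /usr/local/lib/security/pam_gnome_keyring.so
account  required  pam_nologin.so
account  required  pam_unix.so
session  required  pam_permit.so
session  optional  /usr/local/lib/security/pam_gnome_keyring.so auto_start
"""

KEYRING = "pam_gnome_keyring.so"


def parse_pam(text):
    """Return (facility, control, module_basename, args) for each rule line.

    Handles the simple whitespace-separated form used in the proposal;
    comments and blank lines are skipped.
    """
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3:
            continue
        facility, control, module = fields[:3]
        rules.append((facility, control, module.rsplit("/", 1)[-1], fields[3:]))
    return rules


def check_keyring_stack(text):
    """List deviations from the proposed layout; an empty list means it matches."""
    rules = parse_pam(text)
    problems = []
    for facility in ("auth", "session"):
        chain = [r for r in rules if r[0] == facility]
        hits = [i for i, r in enumerate(chain) if r[2] == KEYRING]
        if not hits:
            problems.append(f"{facility}: {KEYRING} missing")
            continue
        _, control, _, args = chain[hits[0]]
        # 'optional' keeps a keyring failure from deciding the login result.
        if control != "optional":
            problems.append(f"{facility}: {KEYRING} is '{control}', proposal uses 'optional'")
        if facility == "auth" and not any(r[2] == "pam_unix.so" for r in chain[:hits[0]]):
            problems.append(f"auth: pam_unix.so does not precede {KEYRING}")
        if facility == "session" and "auto_start" not in args:
            problems.append("session: auto_start missing")
    return problems
```
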