Discussion:
How to bypass keyring password request?
Add Reply
Tuxedo
2018-09-30 18:56:05 UTC
Reply
Permalink
On Tuesday 18 September 2018 00:30, Tuxedo conveyed the following to
Different GUI programs, for example if using the network manager in
relation to a mobile data connection with a SIM, Skype or Chrome,
initiate a prompt to create a password for a new keyring.
What's happening when an applications request this and why does it
relate to some applications even where there's no particular password
requirement, such as with Chrome or the Chromium browser suite?
These programs will still proceed without creating and adding a
password.
Browsers such as Chrome/Chromium, Firefox, et al, can store passwords so
that you can use them for an automated login procedure at certain
websites, e.g. a forum, a router's configuration page, PayPal, the
Bugzilla bug reporting system used by many distributions, and so on.
The keyring is intended to keep all of those different logins and
passwords stored together in a central (and usually encrypted) file,
commonly accessed by entering a single master password only once, when
the first application requiring a login and/or password needs it. The
master password then unlocks the keyring, and from that moment on, all
applications with a password stored in the keyring will be able to give
you instant access to whatever they need to do, without that you'd need
to enter login credentials all over again.
--
With respect,
= Aragorn =
I'm not sure which program is generating these keyring password requests but
I realise it gives passwordless access to relevant applications on an X
session basis.

In other words, if the system has been rebooted or if the user logged out of
the window manager and back in again the keyring password input will be
requested again.

In which way(s) can this password request be bypassed, perhaps globally or
for specified applications only?

I use Xfce exclusively so maybe passwordless keyring logins can be
configured at the Xfce-login start up stage.

Many thanks,
Tuxedo
Chris Vine
2018-09-30 19:58:31 UTC
Reply
Permalink
On Sun, 30 Sep 2018 20:56:05 +0200
Tuxedo <***@mailinator.net> wrote:
[snip]
Post by Tuxedo
I'm not sure which program is generating these keyring password requests but
I realise it gives passwordless access to relevant applications on an X
session basis.
In other words, if the system has been rebooted or if the user logged out of
the window manager and back in again the keyring password input will be
requested again.
In which way(s) can this password request be bypassed, perhaps globally or
for specified applications only?
I use Xfce exclusively so maybe passwordless keyring logins can be
configured at the Xfce-login start up stage.
If you are referring to the prompt you get on every boot-up as soon as
you start XFCE, then it is gnome-keyring which is doing this.

If you want gnome-keyring to be unlocked automatically when you log in
via an X display manager, you need to install pam and use something
like lightdm as your display manager, and write a pam config file for
lightdm which invokes pam_gnome_keyring.so.

That will be too much for you, so get used to logging in once with your
display manager and again for gnome-keyring.
dillinger
2018-09-30 20:53:09 UTC
Reply
Permalink
Post by Tuxedo
On Tuesday 18 September 2018 00:30, Tuxedo conveyed the following to
Different GUI programs, for example if using the network manager in
relation to a mobile data connection with a SIM, Skype or Chrome,
initiate a prompt to create a password for a new keyring.
What's happening when an applications request this and why does it
relate to some applications even where there's no particular password
requirement, such as with Chrome or the Chromium browser suite?
These programs will still proceed without creating and adding a
password.
Browsers such as Chrome/Chromium, Firefox, et al, can store passwords so
that you can use them for an automated login procedure at certain
websites, e.g. a forum, a router's configuration page, PayPal, the
Bugzilla bug reporting system used by many distributions, and so on.
The keyring is intended to keep all of those different logins and
passwords stored together in a central (and usually encrypted) file,
commonly accessed by entering a single master password only once, when
the first application requiring a login and/or password needs it. The
master password then unlocks the keyring, and from that moment on, all
applications with a password stored in the keyring will be able to give
you instant access to whatever they need to do, without that you'd need
to enter login credentials all over again.
--
With respect,
= Aragorn =
I'm not sure which program is generating these keyring password requests but
I realise it gives passwordless access to relevant applications on an X
session basis.
In other words, if the system has been rebooted or if the user logged out of
the window manager and back in again the keyring password input will be
requested again.
In which way(s) can this password request be bypassed, perhaps globally or
for specified applications only?
I use Xfce exclusively so maybe passwordless keyring logins can be
configured at the Xfce-login start up stage.
Many thanks,
Tuxedo
Delete your keyring, and use a blank password (no password) when you're
prompted for a password when a new keyring is created. You won't be
asked again.

Or, when you're going to bypass its security anyway, uninstall
gnome-keyring.
Tuxedo
2018-10-01 21:06:58 UTC
Reply
Permalink
dillinger wrote:

[...]
Post by dillinger
Delete your keyring, and use a blank password (no password) when you're
prompted for a password when a new keyring is created. You won't be
asked again.
This sounds like the best idea. Having been prompted to enter/create a
keyring pass by some programs already, I'm not sure where to remove these
existing passwords. I understand it's a gnome-keyring but the manual for
that program doesn't give details how to remove existing keyring
credentials.

Does anyone know in which files keyring passwords are stored which can be
removeed in order to re-enter a blank pass when the affected programs are
started next time?

Thanks,
Tuxedo
Chris Vine
2018-10-01 21:51:36 UTC
Reply
Permalink
On Mon, 01 Oct 2018 23:06:58 +0200
Post by Tuxedo
[...]
Post by dillinger
Delete your keyring, and use a blank password (no password) when you're
prompted for a password when a new keyring is created. You won't be
asked again.
This sounds like the best idea. Having been prompted to enter/create a
keyring pass by some programs already, I'm not sure where to remove these
existing passwords. I understand it's a gnome-keyring but the manual for
that program doesn't give details how to remove existing keyring
credentials.
Does anyone know in which files keyring passwords are stored which can be
removeed in order to re-enter a blank pass when the affected programs are
started next time?
They are stored in ~/.gnome2/keyrings, but I would not mess around with
them. What you can do is make /usr/bin/gnome-keyring-daemon
unexecutable so that dbus cannot start the daemon (chmod
-x /usr/bin/gnome-keyring-daemon), but then you might need to install
something like seahorse to deal with the keyrings manually.

Making /usr/bin/gnome-keyring-daemon unexecutable may have some
unforeseen consequences, but you will soon find out.
Chris Vine
2018-10-01 22:00:19 UTC
Reply
Permalink
On Mon, 1 Oct 2018 22:51:36 +0100
Post by Chris Vine
On Mon, 01 Oct 2018 23:06:58 +0200
Post by Tuxedo
[...]
Post by dillinger
Delete your keyring, and use a blank password (no password) when you're
prompted for a password when a new keyring is created. You won't be
asked again.
This sounds like the best idea. Having been prompted to enter/create a
keyring pass by some programs already, I'm not sure where to remove these
existing passwords. I understand it's a gnome-keyring but the manual for
that program doesn't give details how to remove existing keyring
credentials.
Does anyone know in which files keyring passwords are stored which can be
removeed in order to re-enter a blank pass when the affected programs are
started next time?
They are stored in ~/.gnome2/keyrings, but I would not mess around with
them. What you can do is make /usr/bin/gnome-keyring-daemon
unexecutable so that dbus cannot start the daemon (chmod
-x /usr/bin/gnome-keyring-daemon), but then you might need to install
something like seahorse to deal with the keyrings manually.
Making /usr/bin/gnome-keyring-daemon unexecutable may have some
unforeseen consequences, but you will soon find out.
And if it does (making gnome-settings-daemon unexecutable may adversely
affect seahorse) one other thing you can try is
removing /etc/xdg/autostart/gnome-keyring-secrets.desktop,
/usr/share/dbus-1/services/org.gnome.keyring.service
and /usr/share/dbus-1/services/org.freedesktop.secrets.service to
prevent the daemon starting automatically.
Tuxedo
2018-10-02 06:30:31 UTC
Reply
Permalink
Chris Vine wrote:

[...]
Post by Chris Vine
Post by Chris Vine
Making /usr/bin/gnome-keyring-daemon unexecutable may have some
unforeseen consequences, but you will soon find out.
And if it does (making gnome-settings-daemon unexecutable may adversely
affect seahorse) one other thing you can try is
removing /etc/xdg/autostart/gnome-keyring-secrets.desktop,
/usr/share/dbus-1/services/org.gnome.keyring.service
and /usr/share/dbus-1/services/org.freedesktop.secrets.service to
prevent the daemon starting automatically.
Thanks for the tips. I might give it a try.

Prompting users to enter a password while not knowing if it's an
application, OS or desktop initiated password request, then making the user
save it while not being able to modify it, could surely have been designed
better or the applicaton should not have made it into popular Linux distros.

Tuxedo
Rich
2018-10-02 10:49:03 UTC
Reply
Permalink
Post by Tuxedo
[...]
Post by Chris Vine
Post by Chris Vine
Making /usr/bin/gnome-keyring-daemon unexecutable may have some
unforeseen consequences, but you will soon find out.
And if it does (making gnome-settings-daemon unexecutable may adversely
affect seahorse) one other thing you can try is
removing /etc/xdg/autostart/gnome-keyring-secrets.desktop,
/usr/share/dbus-1/services/org.gnome.keyring.service
and /usr/share/dbus-1/services/org.freedesktop.secrets.service to
prevent the daemon starting automatically.
Thanks for the tips. I might give it a try.
Prompting users to enter a password while not knowing if it's an
application, OS or desktop initiated password request, then making the user
save it while not being able to modify it, could surely have been designed
better or the applicaton should not have made it into popular Linux distros.
One word: "Gnome".

There's a reason why Linux has ranted, more than once, about the gnome
devs.

They know what is better for you, so just bend over and submit,
citizen.
Chris Vine
2018-10-02 12:37:46 UTC
Reply
Permalink
On Tue, 2 Oct 2018 10:49:03 -0000 (UTC)
Post by Rich
Post by Tuxedo
[...]
Post by Chris Vine
Post by Chris Vine
Making /usr/bin/gnome-keyring-daemon unexecutable may have some
unforeseen consequences, but you will soon find out.
And if it does (making gnome-settings-daemon unexecutable may adversely
affect seahorse) one other thing you can try is
removing /etc/xdg/autostart/gnome-keyring-secrets.desktop,
/usr/share/dbus-1/services/org.gnome.keyring.service
and /usr/share/dbus-1/services/org.freedesktop.secrets.service to
prevent the daemon starting automatically.
Thanks for the tips. I might give it a try.
Prompting users to enter a password while not knowing if it's an
application, OS or desktop initiated password request, then making the user
save it while not being able to modify it, could surely have been designed
better or the applicaton should not have made it into popular Linux distros.
One word: "Gnome".
There's a reason why Linux has ranted, more than once, about the gnome
devs.
They know what is better for you, so just bend over and submit,
citizen.
This is nonsense. There is nothing wrong with the gnome project having
a keyring for gnome desktops, just as there is nothing wrong with the
KDE developers providing the same for theirs (kwallet). I don't believe
the KDE developers are making you "bend over and submit" - indeed your
suggestion is ridiculous.

The reason why slackware ships gnome-keyring is that some applications
it provides, notably firefox, use it. Many applications it doesn't
provide also use it, such as google-chrome.

If you don't want to use any of those applications then don't install
the gnome-keyring package. Also, don't use KDE if you want to avoid
kwallet.
dillinger
2018-10-02 14:32:14 UTC
Reply
Permalink
Post by Chris Vine
On Tue, 2 Oct 2018 10:49:03 -0000 (UTC)
Post by Rich
Post by Tuxedo
[...]
Post by Chris Vine
Post by Chris Vine
Making /usr/bin/gnome-keyring-daemon unexecutable may have some
unforeseen consequences, but you will soon find out.
And if it does (making gnome-settings-daemon unexecutable may adversely
affect seahorse) one other thing you can try is
removing /etc/xdg/autostart/gnome-keyring-secrets.desktop,
/usr/share/dbus-1/services/org.gnome.keyring.service
and /usr/share/dbus-1/services/org.freedesktop.secrets.service to
prevent the daemon starting automatically.
Thanks for the tips. I might give it a try.
Prompting users to enter a password while not knowing if it's an
application, OS or desktop initiated password request, then making the user
save it while not being able to modify it, could surely have been designed
better or the applicaton should not have made it into popular Linux distros.
One word: "Gnome".
There's a reason why Linux has ranted, more than once, about the gnome
devs.
They know what is better for you, so just bend over and submit,
citizen.
This is nonsense. There is nothing wrong with the gnome project having
a keyring for gnome desktops, just as there is nothing wrong with the
KDE developers providing the same for theirs (kwallet). I don't believe
the KDE developers are making you "bend over and submit" - indeed your
suggestion is ridiculous.
The reason why slackware ships gnome-keyring is that some applications
it provides, notably firefox, use it. Many applications it doesn't
provide also use it, such as google-chrome.
If you don't want to use any of those applications then don't install
the gnome-keyring package. Also, don't use KDE if you want to avoid
kwallet.
Firefox and Chrome use (can use) gnome-keyring but they are not
dependent upon it. They run perfectly without it.

dillinger
2018-10-02 14:12:04 UTC
Reply
Permalink
Post by Tuxedo
[...]
Post by dillinger
Delete your keyring, and use a blank password (no password) when you're
prompted for a password when a new keyring is created. You won't be
asked again.
This sounds like the best idea. Having been prompted to enter/create a
keyring pass by some programs already, I'm not sure where to remove these
existing passwords. I understand it's a gnome-keyring but the manual for
that program doesn't give details how to remove existing keyring
credentials.
Does anyone know in which files keyring passwords are stored which can be
removeed in order to re-enter a blank pass when the affected programs are
started next time?
Thanks,
Tuxedo
You can use Seahorse to manage your passwords and keys.
https://slackbuilds.org/result/?search=seahorse&sv=14.2
Eef Hartman
2018-10-01 22:12:13 UTC
Reply
Permalink
Post by Tuxedo
I'm not sure which program is generating these keyring password requests
As others already mentioned, it could be
polkit-gnome-authentication-agent
but it also could be
ssh-agent

Both are started by a xfce session at the start.

There also is a gpg daemon which I've disabled by NOT installing both
of the gpg packages.
Loading...