Automatic login -- password is still asked to access Gnome keyring (Evolution, and others, affected)

Bug #236264 reported by CoudCoud
36
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Evolution
Invalid
Undecided
Unassigned
gnome-keyring-manager
Invalid
Undecided
Unassigned
evolution (Ubuntu)
Invalid
Wishlist
Ubuntu Desktop Bugs

Bug Description

Binary package hint: evolution

Hello
I use automatic login option on gdm.
This is usefull as the computer is used by an association, so the user's don't have to type any password, and I don't have to switch to another user to make administrative tasks (I'm the only one to know the password).
But since the most recent update of evolution, this program asks a password to unlock the default keyring.
This password is also the administrator password (I know I can change this default keyring password, but I don't want to do so).
Is there a solution to come back to the former situation ?

WORKAROUND

* Go to System/Preferences/Encryption and Keyrings;
* select the "Password Keyrings" tab;
* select the "default" entry, and click on "Change Unlock Password";
* type in your current password on the "Old Password" field and LEAVE the "Password" and "confirm Password" fields BLANK;
* click on OK.

You now should be able to auto-login and no password request will be show for the keyring.

NEXT STEP

This is not an Evolution bug. Evolution now uses the Gnome-keyring to store email account passwords, and it is the Gnome-keyring that is asking for a password. A case might be made for having the Gnome-Keyring automatically unlocked on auto-login. If you wish to pursue this route please open a bug for it (package: gdm).

Tags: apport-bug
Revision history for this message
CoudCoud (coudertmatthieu) wrote :
Revision history for this message
Sebastien Bacher (seb128) wrote : Re: Evolution asks my pasword to unlock the default keyring since last update

thank you for your bug report, that's not a bug though, using the gnome-keyring gives extra security to the passwords storage

you can set an empty password to the gnome-keyring so it'll be automatically unblock without asking for a password, you can also create an extra gnome-keyring to store the evolution passwords and don't set a password for this one if you want to use a password for the standard one

Changed in evolution:
assignee: nobody → desktop-bugs
importance: Undecided → Wishlist
status: New → Invalid
Revision history for this message
CoudCoud (coudertmatthieu) wrote :

Thank you for this fast answer.
After I read your advices, I created a new keyring for evolution using seahorse-preferences, but how can I assign the evolution passwords to this keyring ?

Another (silly) question : why isn't the default keyring unlocked after automatic connection ?

Thank you again.

Revision history for this message
Sebastien Bacher (seb128) wrote :

to store the password in a different gnome-keyring change the default one in seahorse so the next password stored will be written in this one, you need to remove those stored in the other gnome-keyring before doing that though

the automatic login doesn't ask for a password so it can't give that information to the gnome-keyring to unlock it, that's a technical limitation

Revision history for this message
CoudCoud (coudertmatthieu) wrote :

I think these will be my last questions :
- now that I'm using a keyring which hasn't got a password, is it less secured than the way my email passwords were stocked before the update ?
- will the fact that there are users using automatic connection be taken in care on next updates (a way of storing the passwords depending on the mean of connection, or an option to check, ...) ?
Thank you.

Revision history for this message
Sebastien Bacher (seb128) wrote :

> - now that I'm using a keyring which hasn't got a password, is it less secured than the way my email passwords were stocked before the update ?

no, the situation is similar, it's easy to read the passwords for anybody having access to the user directory

> - will the fact that there are users using automatic connection be taken in care on next updates (a way of storing the passwords depending on the mean of connection, or an option to check, ...) ?

not sure to understand what you are asking, if you really want to use an insecure password storage system you should just set no password for the gnome-keyring and that work the way you want, there is no way to have secure storage and not ask to the user to enter some authentification, you have to choose between those

Revision history for this message
Lee Revell (rlrevell) wrote :

I had this problem and I do NOT have auto login enabled, I use a password just like I always have.

How can this not be considered a bug? Installing routine package updates on a stable distro should not cause bizarre, inexplicable behavior that I have to search the forums to understand. I'm a senior Linux admin for a large corporation; I've written driver code that's in the 2.6 kernel. If I had to go to the forums and launchpad to resolve this, how are normal users expected to react? You expect them to know what a keyring is and how to manage them?

I understand the need for security but at least pop up a user friendly message, like the one you get when an update requires a reboot or a Firefox restart.

Revision history for this message
Sebastien Bacher (seb128) wrote :

login in gdm entering a password should automatically unlock the gnome-keyring, if it doesn't that's a bug. Could be the bug about the gnome-keyring password not changing automatically when you change your system password which leads to incorrect gnome-keyring credentials

Revision history for this message
alex (footealex) wrote :

This still is a bug for those users with automatic logon. Someone logging on automatically is not generally going to want to enter a password to get to their email. At least, if they do they should have to switch it on.

My wife doesn't even know the password (my choice to reduce the risk of inappropriate admin activity without having 2 accounts) but uses Evolution for her email. You can image the hassle this is causing me, and de-encrypting all my other keyring passwords is hardly a recommended security procedure...

Please just let auto-login users auto-login to Evolution, unless they really want to do it differently.

Revision history for this message
Sebastien Bacher (seb128) wrote :

you can create a gnome-keyring not using a password to store your evolution logins if you don't care about security, we are not going to change the default to this non security setting though

Revision history for this message
stlubuntu (jlrbennett) wrote :

I strongly agree. It is difficult to understand why this is not a bug. Clearly, this only changed since the last
update. Ubuntu users using automatic login did not have to enter a password for evolution before the
last update and now they do. It would make sense to regard this as a bug and change it back to the
way it was before the last update (asap with a subsequent update) and not be in denial about this
as Micro$oft would be. This is a problem on the new EV400 my folks just purchased (and they are
clearly not power users.) My Mom used to use Outlook Express before transitioning to linux and did
not have to type in a password when she launched her e-mail client in order to check her messages.

Please consider fixing this issue. Another recommended fix for this I have read in the forums is
to switch to Thunderbird (which I would rather not have her to do.)

Thanks in advance for any further consideration.

Revision history for this message
Sebastien Bacher (seb128) wrote :

did you read the previous comments? the previous setup was not really secure, you can set a blank password for your gnome-keyring if you don't care about security though but ubuntu is not going to change back to a non secure default

Revision history for this message
John Gelm (jgelm) wrote :

 <Sebastien Bacher wrote on 2008-06-23: (permalink)

did you read the previous comments? the previous setup was not really secure, you can set a blank password for your gnome-keyring if you don't care about security though but ubuntu is not going to change back to a non secure default>

What an attitude! Perhaps evolution is not the right email client for me.

C de-Avillez (hggdh2)
description: updated
Revision history for this message
yetiARC (haitzer) wrote :

<John Gelm wrote on 2008-07-10: (permalink)>

   <Sebastien Bacher wrote on 2008-06-23: (permalink)

>did you read the previous comments? the previous setup was not really secure, you can set a blank password for your gnome-keyring if you don't care >about security though but ubuntu is not going to change back to a non secure default>

>What an attitude! Perhaps evolution is not the right email client for me.

Sebastien: why not just make entering a password an OPTION in Evolution? Make it a default choice, but please give the Average Joe an easy way to uncheck the option.

Revision history for this message
C de-Avillez (hggdh2) wrote :

@yetiARC: it is not Evolution that is asking for a password, it is gnome-keyring. Please see the updated bug description for the "NEXT STEP" on this.

Revision history for this message
John Gelm (jgelm) wrote :

< Please see the updated bug description for the "NEXT STEP" on this.>

No, you CHOSE to use g-k, so it is your problem.

I have a better suggestion. How about the "NEXT STEP" be to drop gnome-keyring?

John

Revision history for this message
C de-Avillez (hggdh2) wrote :

@John: please email the ubuntu-devel-discuss mailing list with your suggestion. Sorry, but this bug is not the correct venue to discuss it.

Even more, this is not a Evolution bug. If you do not like, or want, g-k integration, then the best venue is actually upstream. Please open a bugzilla on this.

Revision history for this message
Sebastien Bacher (seb128) wrote :

could you stop adding comments to this bug to suggest to use a non secure default configuration? is it that hard to use no gnome-keyring password if you don't need one?

Revision history for this message
evgen (evgen-alice-dsl) wrote :

Sebastien Bacher wrote on 2008-06-13:

login in gdm entering a password should automatically unlock the gnome-keyring, if it doesn't that's a bug.

that is exactly the case i am having...

i hope this bug will be fixed...

Revision history for this message
oss_test_launchpad (oss-test-launchpad) wrote :

I have the same situation on this test computer here as Lee Revell has it: "I had this problem and I do NOT have auto login enabled, I use a password just like I always have."

1 - Is there a way of using the system without the GNOME keyring and just have evolution store all passwords itself?
2 - Is anyone going to report this bug upstream?

Changed in gnome-keyring-manager:
status: New → Confirmed
Revision history for this message
C de-Avillez (hggdh2) wrote :

@oss_test_launchpad: this bug is about auto-login and gnome-keyring asking for passwords.

Your case, and Lee Revell's, is about *no* auto-login, and still gnome-keyring asking for password.

This is not the same bug. Please open a new one. We will not work on yours here (one bug per report, one report per bug).

Changed in gnome-keyring-manager:
status: Confirmed → Invalid
Revision history for this message
C de-Avillez (hggdh2) wrote :

Closing this upstream task, since it is unneeded.

Changed in evolution:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.