Ubuntu
gnome-system-tools package

[users-admin] changing password via users-admin doesn't change seahorse password

Bug #271126 reported by Simon Woolf on 2008-09-17

This bug report is a duplicate of: Bug #268731: update gnome keyring master password when user password is updated. Edit Remove

28

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	gnome-system-tools (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

Binary package hint: gnome-system-tools

When you install Ubuntu, the "login" keyring is created in Seahorse using the supplied login password, which is then automatically unlocked when the user logs in.

However, when you change your user account password with users-admin, the "login" keyring is not updated. Which means that after the the user's next logged out and back in again, the next time they use an application which wants access to the keyring, they're prompted for a password when they never were before -- which would normally be no problem, except that the password the dialogue needs is their *previous* login password, which is not at all obvious.

If you want the keyring to be automatically unlocked when you log in again, every time you want to change your password, you have to do it twice -- in "Encryption & Keyrings" as well as in "Users & Groups".

When I first came across this, it was actually about six months (during which I'd changed my password several times) by the time I first used an app which wanted access to the keyring (nm-applet); so I had to try and remember what password I used when I first installed Ubuntu -- and that only once I'd worked out that was what it wanted.

Expected behaviour: When a user changes their password with users-admin, users-admin should update the login keyring.

Version: Hardy, so 2.22.0-0ubuntu9; seahorse 2.22.2-0ubuntu1.

(I would have thought that someone would have filed this already, but I can't find it if they have. Surely I can't be the only person who's changed their password?)

Revision history for this message

Mackenzie Morgan (maco.m) wrote on 2008-09-18:

#1

I don't think this is a bug. The keyring password and login password are totally separate, from what I recall. You just happened to choose to make your keyring password match your login password way back when it first asked (the first time you used a keyring app). You could also have chosen to make it something else back then as well.

Revision history for this message

Simon Woolf (semw) wrote on 2008-09-18:

#2

> You just happened to choose to make your keyring password match your login password way back when it first asked

Without wishing to contradict you, that's not correct -- not with recent versions of Ubuntu, at least (I'm not sure about older versions). If you don't believe me, create a new account, log on to it, and try it yourself. The "login" keyring is set up with that user's login password when you create the account.

The automatic unlocking, incidentally, is done by libpam-gnome-keyring: "This package contains a PAM module that will automatically unlock the keyrings using your login password, making gnome-keyring usage transparent without losing its security benefits". And that's the problem: once you change your login password, libpam-gnome-keyring can no longer unlock the "login" keyring with it, since users-admin doesn't change that password in sync with the login password.

Revision history for this message

Mackenzie Morgan (maco.m) wrote on 2008-09-18:

#3

Ok, sorry. Must have been a change in Hardy, I guess; however, I changed my login password in July and don't remember having to change my keyring password. We need someone to confirm this, because my experience is the opposite. It would be silly for this to have an effect, but are you using 64 or 32 bit?

Revision history for this message

Simon Woolf (semw) wrote on 2008-09-18:

#4

I'm using 32-bit.

I've just reconfirmed that the bug definitely exists on my system by creating a new user account and setting up a mail account in Evolution, which worked fine with no keyring prompts asking for a password. I then changed my password in users-admin and logged out and back in again. Evolution then complained that the default keyring was locked, and asked for the keyring password (the login password before I changed it).

I'm puzzled that you didn't have this problem. Maybe it's an artifact of my system not being a fresh install of Hardy (it was originally 7.04, twice dist-upgraded)?

Revision history for this message

Mackenzie Morgan (maco.m) wrote on 2008-09-19:

#5

I just tried with a new account on my computer, and you're right, sorry. I'm confirming this. My memory must be awful.

Changed in gnome-system-tools:
status:	New → Confirmed

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #268731 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.