Ubuntu

gnome-keyring-manager requires non-empty password

Reported by Christian A. Reiter on 2007-04-22
30
This bug affects 1 person
Affects Status Importance Assigned to Milestone
GNOME Keyring
Fix Released
Medium
gnome-keyring (Ubuntu)
Low
Ubuntu Desktop Bugs

Bug Description

Binary package hint: network-manager-gnome

When using network-manager to connect to my WLAN automatically at startup it each time asks for the password.
That's ok it is secure, but not what I want. I want an empty password.
I know that that is unsecure, but nobody comes into my house and steals my computer, using my WLAN then with it from outside.

nm-applet lets you enter a password, and when you enter nothing, just press OK, it says, passwords cannot be empty.

Sometimes GNOME is frustrating not letting you do what you want, just telling you what you should do and giving you no choice.

It's ok to tell me that it is not secure. But please let ME decide.

Is this possible to get fixed?
Thanks,
Chris

Chris Burgan (cburgan) wrote :

Thank you for your bug report and helping to make Ubuntu better, I think what you are trying to say is that the gnome-keyring-manager is where you want to store(or not store) an empty password. It's not your wlan that has an empty password am I correct? If so, I think you filed this against the wrong package, I just want to be sure so let me know and I'll move it for you.

Changed in network-manager:
assignee: nobody → cburgan
status: Unconfirmed → Needs Info
Christian A. Reiter (droetker) wrote :

Sorry, youre absolutely right - thanks for your quick response.
Yes, the gnome-keyring password should be made possible to be empty, not the WLAN password...

Chris Burgan (cburgan) on 2007-04-23
Changed in network-manager:
assignee: cburgan → nobody
status: Needs Info → Unconfirmed
Chris Burgan (cburgan) wrote :

Also of note, your request is quite similar to bug 34898 , which seeks to remove the keyring-manager functionality from network-manager altogether. Your point was slightly different and valid though so that is why I am moving it over.

Sebastien Bacher (seb128) wrote :

Thank you for your bug. What version of Ubuntu do you use. How do you trigger the bug? How do you try to set the password there?

Changed in gnome-keyring-manager:
assignee: nobody → desktop-bugs
importance: Undecided → Low
status: Unconfirmed → Needs Info
Christian A. Reiter (droetker) wrote :

I am using Ubuntu Feisty.
Steps to reproduce:
Hm - first - I think it is no bug, just a missing feature or something the developers forgot - or didn't want to implement.
OK.

Using a Computer with WLAN ability, , with a fresh user without previour gnome-keyring-manager use, just connect with network-manager to any wireless network you know the password.
Then NetworkManager asks you for the password, and if you enter it, it connects, AND now gnome-keyring-manager (I think so) asks you to choose a "master password" for its keyring (therefore use a new test user).
If you enter "foo" as password, everything is ok, but if you choose to choose NO password, what is unsecure but very handy at my home computer, the program complains about impossibility of that - I MUST use a password, passwords MAY not be empty.

In my opinion It should be to the user to choose. It is good if GNOME warns you, that this would be a security risk - maybe ask, "do you really want to take an empty password!?"
But the decicion should be done by the user, not by the operating system...
GNOME is in many things a great DE, but I (and many others...) don't like it if my computer wants to be more intelligent than I and doesn't let me do what I want ;-)

Sebastien Bacher (seb128) wrote :
Changed in gnome-keyring-manager:
status: Needs Info → Confirmed
Changed in gnome-keyring:
status: Unknown → Confirmed
Changed in gnome-keyring:
status: Confirmed → Won't Fix
Sebastien Bacher (seb128) wrote :

Upstream closed the bug with this comment:

"Gnome Keyring now uses PAM and ties into the user's login password. This will
be included in the next release of gnome-keyring and Gnome.

It seems this would solve the problem you're experiencing. It fits in very well
with single sign on now.

BTW, if either of you have time, I'd love to have your input and/or testing on
the new PAM functionality from a corporate point of view.

http://live.gnome.org/GnomeKeyring/Pam

Do you think this'll solve your problem? If not please reopen this bug. "

Changed in gnome-keyring:
status: Confirmed → Invalid
Roger Binns (ubuntu-rogerbinns) wrote :

pam keyring does not solve the problem. It only solves the problem if the login password is supplied as plain text and the login password is the same as the keyring password.

Those of us using fingerprints to login aren't supplying a plain text password and hence get prompted. Those using other authentication systems such as ldap, nis etc won't want the administrative overhead of trying to keep the keyrings password in sync with the user password.

LEVIS Cyril (atlas95) wrote :

I use a fingerprint reader so I have create a bash file which launch : echo "PASSWORD" | /path/to/pam-keyring-tool -u -s

but I have another problem maybe you can help me, so I use fingerprint, and I have tweak for gnome-screensaver for use fingerprint with it.
But for unlock the screensaver I must press enter one time on a bad password, and after, only after this I can use the fingerprint :s

Jerome Haltom (wasabi) wrote :

LEVIS,

Upstream has reopened the bug. I suspect eventually we'll end up with the ability to enter a null password for the keyring.

As for the gnome-screensaver problem... yes I agree. Gnome screen saver needs to properly use PAM to generate it's password prompts (or lack of password prompts). If it is not doing so, a bug should be filed against it or the related PAM module. Do you mind opening or pinpointing such a bug?

Changed in gnome-keyring:
status: Won't Fix → In Progress
Changed in gnome-keyring:
status: In Progress → Fix Released
Pedro Villavicencio (pedro) wrote :

Fixed upstream, thanks.

Changed in gnome-keyring:
status: Invalid → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnome-keyring - 2.21.5-0ubuntu1

---------------
gnome-keyring (2.21.5-0ubuntu1) hardy; urgency=low

  * New upstream version:
    - Proper support for creating and destroying objects through PKCS#11.
    - Support for setting PKCS#11 attributes.
    - Fix hanging of daemon under certain conditions.
    - Add gconf setting for determining which components of the daemon
      (such as SSH) are run at startup.
    - Better parsing of objects and prompting for passwords in PKCS#12 files.
    - Calculate trust and purpose/usage of certificates.
    - Mark certain key/certificate directories as special requiring certain
      special treatment
    - Add support for unencrypted keyrings which are used when the user
      specifies a blank password. (LP: #108993)
    - Fix crasher
    - Build fixes.
  * debian/control.in:
    - Build-Depends on libgconf2-dev
  * debian/gnome-keyring.install:
    - install new schemas
  * debian/patches/80_from_upstream_fix_login_hang.patch:
    - dropped, fixed in the new version

 -- Sebastien Bacher <email address hidden> Tue, 15 Jan 2008 10:41:04 +0100

Changed in gnome-keyring:
status: Fix Committed → Fix Released
Bart Heinsius (bheinsius) wrote :

Can this package (gnome-keyring - 2.21.5-0ubuntu1) be backported to Gutsy?

Henrik Nordvik (henrikno) wrote :

I am still getting asked for my keyring password on 8.04 with gnome-keyring 2.22.1-1 when I have automatic login on.

It says: "Enter password for default keyring to unlock"
"The application 'nm-applet' (/usr/bin/nm-applet) wants access to the default keyring, but it is locked"

It does not ask me if I turn automatic login off.

Christian A. Reiter (droetker) wrote :

This has nothing to do with this bug. The bug was - you can't choose an EMPTY password.
Have you chosen a password or did you leave it empty (the keyring password!)?

moli (f-launchpad-moli-hu) wrote :

Christian is right. What he wrote has nothing to with what you have done. I have this problem too.

THIS IS A BUG! Open the ticket again!

ZLOB-o-ZLOB (zlob-o-zlob) wrote :

I've deleted my user password completely, set the nullok directive in PAM and now everything works ok without asking for password every five minutes EXCEPT gnome-keyring. It still asks for my password and is unusable for me for this reason. I think this is a bug and it should be fixed.
And yes, I know about security risks of empty password, but I just want my software working properly.

P.S. This is my first post here and I'm not a native english speaker, so please tell me if I did anything wrong.

Changed in gnome-keyring:
importance: Unknown → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.