gnome-keyring-manager requires non-empty password

Thank you for your bug report and helping to make Ubuntu better, I think what you are trying to say is that the gnome-keyring-manager is where you want to store(or not store) an empty password. It's not your wlan that has an empty password am I correct? If so, I think you filed this against the wrong package, I just want to be sure so let me know and I'll move it for you.

Sorry, youre absolutely right - thanks for your quick response.
Yes, the gnome-keyring password should be made possible to be empty, not the WLAN password...

Also of note, your request is quite similar to bug 34898 , which seeks to remove the keyring-manager functionality from network-manager altogether. Your point was slightly different and valid though so that is why I am moving it over.

Thank you for your bug. What version of Ubuntu do you use. How do you trigger the bug? How do you try to set the password there?

I am using Ubuntu Feisty.
Steps to reproduce:
Hm - first - I think it is no bug, just a missing feature or something the developers forgot - or didn't want to implement.
OK.

Using a Computer with WLAN ability, , with a fresh user without previour gnome-keyring-manager use, just connect with network-manager to any wireless network you know the password.
Then NetworkManager asks you for the password, and if you enter it, it connects, AND now gnome-keyring-manager (I think so) asks you to choose a "master password" for its keyring (therefore use a new test user).
If you enter "foo" as password, everything is ok, but if you choose to choose NO password, what is unsecure but very handy at my home computer, the program complains about impossibility of that - I MUST use a password, passwords MAY not be empty.

In my opinion It should be to the user to choose. It is good if GNOME warns you, that this would be a security risk - maybe ask, "do you really want to take an empty password!?"
But the decicion should be done by the user, not by the operating system...
GNOME is in many things a great DE, but I (and many others...) don't like it if my computer wants to be more intelligent than I and doesn't let me do what I want ;-)

That's known upstream, http://bugzilla.gnome.org/show_bug.cgi?id=386866

Upstream closed the bug with this comment:

"Gnome Keyring now uses PAM and ties into the user's login password. This will
be included in the next release of gnome-keyring and Gnome.

It seems this would solve the problem you're experiencing. It fits in very well
with single sign on now.

BTW, if either of you have time, I'd love to have your input and/or testing on
the new PAM functionality from a corporate point of view.

http://live.gnome.org/GnomeKeyring/Pam

Do you think this'll solve your problem? If not please reopen this bug. "

pam keyring does not solve the problem. It only solves the problem if the login password is supplied as plain text and the login password is the same as the keyring password.

Those of us using fingerprints to login aren't supplying a plain text password and hence get prompted. Those using other authentication systems such as ldap, nis etc won't want the administrative overhead of trying to keep the keyrings password in sync with the user password.

I use a fingerprint reader so I have create a bash file which launch : echo "PASSWORD" | /path/to/pam-keyring-tool -u -s

but I have another problem maybe you can help me, so I use fingerprint, and I have tweak for gnome-screensaver for use fingerprint with it.
But for unlock the screensaver I must press enter one time on a bad password, and after, only after this I can use the fingerprint :s

LEVIS,

Upstream has reopened the bug. I suspect eventually we'll end up with the ability to enter a null password for the keyring.

As for the gnome-screensaver problem... yes I agree. Gnome screen saver needs to properly use PAM to generate it's password prompts (or lack of password prompts). If it is not doing so, a bug should be filed against it or the related PAM module. Do you mind opening or pinpointing such a bug?

Fixed upstream, thanks.

This bug was fixed in the package gnome-keyring - 2.21.5-0ubuntu1

---------------
gnome-keyring (2.21.5-0ubuntu1) hardy; urgency=low

  * New upstream version:
    - Proper support for creating and destroying objects through PKCS#11.
    - Support for setting PKCS#11 attributes.
    - Fix hanging of daemon under certain conditions.
    - Add gconf setting for determining which components of the daemon
      (such as SSH) are run at startup.
    - Better parsing of objects and prompting for passwords in PKCS#12 files.
    - Calculate trust and purpose/usage of certificates.
    - Mark certain key/certificate directories as special requiring certain
      special treatment
    - Add support for unencrypted keyrings which are used when the user
      specifies a blank password. (LP: #108993)
    - Fix crasher
    - Build fixes.
  * debian/control.in:
    - Build-Depends on libgconf2-dev
  * debian/gnome-keyring.install:
    - install new schemas
  * debian/patches/80_from_upstream_fix_login_hang.patch:
    - dropped, fixed in the new version

 -- Sebastien Bacher <email address hidden> Tue, 15 Jan 2008 10:41:04 +0100

Can this package (gnome-keyring - 2.21.5-0ubuntu1) be backported to Gutsy?

I am still getting asked for my keyring password on 8.04 with gnome-keyring 2.22.1-1 when I have automatic login on.

It says: "Enter password for default keyring to unlock"
"The application 'nm-applet' (/usr/bin/nm-applet) wants access to the default keyring, but it is locked"

It does not ask me if I turn automatic login off.

This has nothing to do with this bug. The bug was - you can't choose an EMPTY password.
Have you chosen a password or did you leave it empty (the keyring password!)?

Christian is right. What he wrote has nothing to with what you have done. I have this problem too.

THIS IS A BUG! Open the ticket again!

I've deleted my user password completely, set the nullok directive in PAM and now everything works ok without asking for password every five minutes EXCEPT gnome-keyring. It still asks for my password and is unusable for me for this reason. I think this is a bug and it should be fixed.
And yes, I know about security risks of empty password, but I just want my software working properly.

P.S. This is my first post here and I'm not a native english speaker, so please tell me if I did anything wrong.