2009-01-29 17:07:46 |
Alex Mauer |
bug |
|
|
added bug |
2009-01-29 17:10:59 |
Alex Mauer |
description |
Binary package hint: libpam-gnome-keyring
On a system set up to authenticate to an external service, such as LDAP, Active Directory, or Kerberos: When the password is changed on the external service (e.g. due to a forgotten password+reset or a forced periodic password change where the user happened to log in on a different machine when the change came due), the keyring is not unlockable with the new password. This means that unless the user remembers their old password, and knows how to change the keyring password, the keyring must be wiped, losing all the keys stored in the keyring.
This bug is distinct from several other similar bugs, in that it the other bugs relate to the keyring password not being updated properly when the password is changed on the current system. This one concerns only the situation where the password is changed externally.
This is in Ubuntu Jaunty. |
Binary package hint: libpam-gnome-keyring
On a system set up to authenticate to an external service, such as LDAP, Active Directory, or Kerberos: When the password is changed on the external service (e.g. due to a forgotten password+reset or a forced periodic password change where the user happened to log in on a different machine when the change came due), the keyring is not unlockable with the new password. This means that unless the user remembers their old password, and knows how to change the keyring password, the keyring must be wiped, losing all the keys stored in the keyring.
This bug is distinct from several other similar bugs, in that it the other bugs relate to the keyring password not being updated properly when the password is changed on the current system. This one concerns only the situation where the password is changed externally.
One possible (but very ugly) solution is to simply drop the current keyring/passphrase and start anew when the user successfully logs in using a password that doesn't unlock the keyring. Better would be to somehow change the keyring password so that the keyring can be unlocked with the new password.
This is in Ubuntu Jaunty. |
|
2009-01-29 17:31:08 |
Sebastien Bacher |
gnome-keyring: status |
New |
Invalid |
|
2009-01-29 17:31:08 |
Sebastien Bacher |
gnome-keyring: assignee |
|
desktop-bugs |
|
2009-01-29 17:31:08 |
Sebastien Bacher |
gnome-keyring: importance |
Undecided |
Low |
|
2009-01-29 17:31:08 |
Sebastien Bacher |
gnome-keyring: statusexplanation |
|
Thanks for the bug report. This particular bug has already been reported, but feel free to report any other bugs you find. The passwd pam configuration needs to be updated there is a bug open already about that request |
|
2009-01-29 18:18:48 |
Alex Mauer |
gnome-keyring: status |
Invalid |
New |
|
2009-01-29 18:18:48 |
Alex Mauer |
gnome-keyring: statusexplanation |
Thanks for the bug report. This particular bug has already been reported, but feel free to report any other bugs you find. The passwd pam configuration needs to be updated there is a bug open already about that request |
This is not the job of the tools used to change the password. It is not the responsibility of say, "Active Directory Users and Computers" or "ldappasswd" or "kpasswd" to know that libpam-gnome-keyring is used on some arbitrary machine elsewhere and somehow go and change the keyring password on that other machine. It is clearly the responsibility of gnome-keyring to handle the situation gracefully when the password has been changed elsewhere, outside of its control. |
|
2009-01-30 10:34:56 |
Sebastien Bacher |
gnome-keyring: status |
New |
Incomplete |
|
2009-01-30 10:34:56 |
Sebastien Bacher |
gnome-keyring: statusexplanation |
This is not the job of the tools used to change the password. It is not the responsibility of say, "Active Directory Users and Computers" or "ldappasswd" or "kpasswd" to know that libpam-gnome-keyring is used on some arbitrary machine elsewhere and somehow go and change the keyring password on that other machine. It is clearly the responsibility of gnome-keyring to handle the situation gracefully when the password has been changed elsewhere, outside of its control. |
what do you suggest? there is no reason the gnome-keyring password and the login one should be identical and gnome-keyring can read the user password since that would mean this one would be stored in clear somewhere |
|
2009-02-02 16:54:39 |
Sebastien Bacher |
gnome-keyring: status |
Incomplete |
New |
|
2009-02-02 16:54:39 |
Sebastien Bacher |
gnome-keyring: importance |
Low |
Wishlist |
|
2009-02-02 16:54:39 |
Sebastien Bacher |
gnome-keyring: statusexplanation |
what do you suggest? there is no reason the gnome-keyring password and the login one should be identical and gnome-keyring can read the user password since that would mean this one would be stored in clear somewhere |
reopening as a wishlist request |
|
2009-04-05 16:40:50 |
Scott Shields |
removed subscriber Scott Shields |
|
|
|
2011-07-07 05:58:41 |
marco.pallotta |
bug |
|
|
added subscriber marco.pallotta |
2011-09-14 04:07:26 |
Launchpad Janitor |
gnome-keyring (Ubuntu): status |
New |
Confirmed |
|
2012-07-11 19:44:12 |
Sebastian Dominguez |
bug |
|
|
added subscriber Sebastian Dominguez |
2013-02-11 23:14:15 |
styro |
bug |
|
|
added subscriber styro |
2014-02-27 12:45:24 |
Stephane Chazelas |
bug watch added |
|
https://bugzilla.redhat.com/show_bug.cgi?id=975469 |
|
2014-06-01 14:11:38 |
Benjamin Ryzman |
removed subscriber zarkdav |
|
|
|
2015-07-03 09:14:33 |
Stephane Chazelas |
bug |
|
|
added subscriber Stephane Chazelas |
2024-02-20 22:22:23 |
Zach Brown |
bug |
|
|
added subscriber Zach Brown |