Comment 11 for bug 322827

Alex Mauer (hawke) wrote :

I agree that nothing forces the use of a similar password. However, it is the default on a fresh Ubuntu install.

One possibility would be for gnome-keyring to have a configuration flag that would indicate if the password should be synchronised with the system password. No cleartext stored password should be necessary.

So the sequence would go:
1. On an Ubuntu fresh install the password sync flag would be set, and keyring password would be the same as the login password.
2. User's password is changed externally.
3. User logs in. The password is accepted for login, but does not unlock the keyring.
4. libpam-gnome-keyring has the new password since the user just logged in with it.
5. libpam-gnome-keyring needs the old password, so it prompts for it.
6. libpam-gnome-keyring changes the keyring password and unlocks the keyring.
7. The user changes the keyring password manually.
8. The password sync flag is cleared, and so libpam-gnome-keyring should no longer do steps 5 and 6.
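
The sequence proposed in the comment above, modelled as an added example; this is not gnome-keyring or libpam-gnome-keyring code. `Keyring`, `sync_flag`, `pam_login` and `ask_old_password` are hypothetical names, and the XOR key wrap is a simplified stand-in for real keyring encryption. It shows why step 5 needs the old password and that no cleartext password is stored.

```python
import hashlib, hmac, os

def kdf(password, salt):
    # Password-derived wrapping key; the password itself is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def check_tag(master):
    return hmac.new(master, b"keyring-check", "sha256").digest()

class Keyring:
    """Toy keyring: a random master key wrapped under the password."""
    def __init__(self, password, sync_flag=True):
        master = os.urandom(32)
        self.tag = check_tag(master)   # lets unlock() detect a wrong password
        self.sync_flag = sync_flag     # hypothetical flag, set on fresh install (step 1)
        self.master = None             # None while locked
        self.wrap(master, password)

    def wrap(self, master, password):
        self.salt = os.urandom(16)     # fresh salt per wrap, so the pad is never reused
        self.wrapped = xor(master, kdf(password, self.salt))

    def unlock(self, password):
        candidate = xor(self.wrapped, kdf(password, self.salt))
        if hmac.compare_digest(check_tag(candidate), self.tag):
            self.master = candidate
            return True
        return False

    def change_password(self, old, new, manual=False):
        if not self.unlock(old):       # re-wrapping requires the old password
            return False
        self.wrap(self.master, new)
        if manual:
            self.sync_flag = False     # steps 7-8: user opted out of syncing
        return True

def pam_login(keyring, login_password, ask_old_password):
    """Steps 3-6, run after the system has accepted login_password."""
    keyring.master = None              # each session starts locked
    if keyring.unlock(login_password):
        return "unlocked"
    if not keyring.sync_flag:
        return "locked"                # flag cleared: no prompt, no change
    if keyring.change_password(ask_old_password(), login_password):
        return "resynced"              # step 6: re-wrapped and unlocked
    return "locked"
```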