update gnome keyring master password when user password is updated

the issue is a passwd one, the pam configuration should use gnome-keyring so the password is updated there too

I'm adding some updates to this bug, but I've only been poking around for a day or so, so feel free to comment. First, this is currently a wishlist item but I'm going to argue that its a bug. Taking a look at the source for the PAM module in gnome-keyring it looks like pam_gnome_keyring.so supports the password service. (At least there is code in there for changing the keyring password when the login password is changed.) At this point it should just a matter of adding the line

password optional pam_gnome_keyring.so

to the appropriate config files in pam.d. (In particular passwd, but this should really include anything that uses PAM to change the login password. It could even be added to common-password, except I think this file is autogenerated by pam-auth-update.) So it should be a quick fix, but the problem is that it doesn't seem to work. By that I mean, if you sync the login and keyring passwords, then change the login password using passwd (after adding the above line to the passwd file in pam.d) then the keyring passwd remains unchanged. So the password service is implemented, but appears to be broken. I think the following bug may be relevent https://bugzilla.redhat.com/show_bug.cgi?id=250147. Also, I'm using how ecryptfs interacts with PAM as my model for how this should work, if that helps.

OK, so I made a newbie mistake. The "password optional pam_gnome_keyring.so" has to be added to the end of the passwd file so that its at the bottom of the stack and the usual unix stuff gets a chance to run first. The good news is that if you add "password optional pam_gnome_keyring.so" to the end of the passwd file, or to the end of common-password, then the keyring password *is* kept in sync with the login password. So its a super easy fix in any case.

why did you reassign this bug to gnome-keyring? it was assigned to the source which ships the pam configuration to update which is correct

Sorry. Poor choice on my part after some consideration. I have a question though. It should be fine to include the appropriate line to passwd, even if libpam-gnome-keyring isn't installed, because its optional. But wouldn't it be better to change the install script of libpam-gnome-keyring to add the necessary configuration lines? I don't know much about the update/install/package process so this may be nonsense.

Could we have this bug fixed, please? ;)
It confuses a lot of people, especially those not experienced: just type 'password change keyring ubuntu' into google and see how many howtos and bb posts about this are there.

Cheers

  Morg

If this is only a wishlist item, how should a 9.04 user change their keyring password?

"System -> Preferences -> Encryption and Keyrings" does not seem to have an option for the keyring password. I only have tabs for "Encryption" and "PGP Passphrases". As per the first comment, I do have the seahorse package installed.

If it were obvious that the initial keyring password is linked to the chosen install password, this would be fine. However, it breaks (without obvious reason) for any of the following cases, which aren't exactly borderline:

- default installs where the users needs to change their password when the laptop is handed over
- people who change their passwords regularly

Perhaps someone who knows where the "Keyring" tab has gone can post here, so that future viewers of the bug know how to change their keyring password.

It is pretty well hidden now: you have to go to "Accessories -> Passwords and Encryption Keys" then select "passwords tab", right click on the "Passwords: login" folder and choose "Change Password" option. I spent an hour to find it ;]

Cheers

  Morg

bug:
When I changed my Ubuntu logon password my automatic WiFi logon breaks.

expected:
If I change my Ubutu Logon password, the next time I boot my WiFi should logon to my AP automatically, using the cached WiFi password from previous days.

After I found this bug I waited a fewy days, did the google, and found some not so good advice. I tried to manually fix or workaround this using Apps-Accessories-Password and Encryption Keys. Nothing I could do would get my system to logon to WiFi automatically.

Workaround, create new user, move over all my documents, delete my original user account. FYI, there should be a better way to port Ubuntu User Documents from one computer to another. A dialog that says export/backup, with checkboxes to let the user select what sub-components to move/backup.

On Ubuntu 10.04 (lucid):

The login keyring password seems to be changed together with the system password change if I run "passwd" in a terminal in a Gnome session.

The login keyring password is not changed if I change my password in gnome-about-me (System - Preferences - About Me - Change Password) or by running "passwd" in an ssh session.

Wouldn't this be more important than "wishlist"? This breaks things in a default install when the user first changes his/her password: he/she needs to continue to give the old password to unlock the keyring for nm-applet to get access to wlan keys/passphrases.