commit:     74cbdaf50983f1eb06f82bdb5fbe7f762b859dd3
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Sep  5 20:33:58 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Sep  5 20:33:58 2025 +0000
URL:        https://gitweb.gentoo.org/proj/pambase.git/commit/?id=74cbdaf5

Add pam_gnome_keybase to auth, session stacks too

Quoting the bug:
> pam_gnome_keyring.so is, according to its own documentation [0], an authentication module,
> a session module, and a password management module. The expected way to use this module,
> AFAICT, is to place it in all three stacks, with the auto_start command line parameter
> present in the session line. In this configuration, the auth stack will hold onto the
> user’s passphrase, the session stack will launch a gnome-keyring-daemon process and hand
> over the passphrase to unlock the login keyring, and the password stack will change the
> encryption password for the login keyring when the user changes their system password.

[0] https://wiki.gnome.org/Projects/GnomeKeyring/Pam/Manual

Closes: https://github.com/gentoo/pambase/issues/8
Signed-off-by: Sam James <sam <AT> gentoo.org>

 templates/passwd.tpl             | 4 ----
 templates/system-local-login.tpl | 9 +++++++++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/templates/passwd.tpl b/templates/passwd.tpl
index 951f321..0bde2a3 100644
--- a/templates/passwd.tpl
+++ b/templates/passwd.tpl
@@ -2,7 +2,3 @@ auth            sufficient      pam_rootok.so
 auth           include         system-auth
 account                include         system-auth
 password       include         system-auth
-
-{% if gnome_keyring %}
-password       optional        pam_gnome_keyring.so use_authtok
-{% endif %}
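
Review bot: Dropping the `password optional pam_gnome_keyring.so use_authtok` block from passwd.tpl leaves the passwd service with only `password include system-auth`, so unless system-auth itself calls pam_gnome_keyring, a password change made through passwd no longer re-encrypts the login keyring, which is the password-stack behaviour the quoted bug describes. The copy added to system-local-login.tpl only covers services that include that file. The commit subject mentions only the auth and session stacks, so either keep the block here or say in the message which service is now expected to handle the keyring password change.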

diff --git a/templates/system-local-login.tpl b/templates/system-local-login.tpl
index 2f415ed..3cdf883 100644
--- a/templates/system-local-login.tpl
+++ b/templates/system-local-login.tpl
@@ -1,4 +1,13 @@
 auth           include         system-login
+{% if gnome_keyring %}
+auth           optional        pam_gnome_keyring.so use_authtok
+{% endif %}
 account                include         system-login
 password       include         system-login
+{% if gnome_keyring %}
+password       optional        pam_gnome_keyring.so use_authtok
+{% endif %}
 session                include         system-login
+{% if gnome_keyring %}
+session                optional        pam_gnome_keyring.so use_authtok 
auto_start
+{% endif %}
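
Review bot: The new auth and session lines carry use_authtok, which looks copied from the password line. The quoted bug asks only for auto_start on the session line, and use_authtok is conventionally a password-stack option that tells a module to take the new token from the module stacked before it. Suggest `auth optional pam_gnome_keyring.so` and `session optional pam_gnome_keyring.so auto_start`, or a template comment explaining why the option is wanted in those two stacks.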
