On Mon, 09 Jan 2017 23:58:11 +0100 Laurent Bigonville <bi...@debian.org> wrote:

> Hi,
>
> Since gdm 3.22, there is a new pam module that unlocks the gnome-keyring
> using the keyring using the password of the luks partition.
>
> The idea is that on a single user laptop, the user uses the same
> password for his encrypted root and user in addition to autologin.
>
> The pam module reads the kernel keyring to find that password with the
> following code:
>
> serial = find_key_by_type_and_desc ("user", "cryptsetup", 0);
> if (serial == 0)
>     return PAM_AUTHINFO_UNAVAIL;
>
> r = keyctl_read_alloc (serial, &cached_password);
>
> So it would be nice if cryptsetup could store that password in the
> keyring after opening successfully the main luks partition.
>
> Regards,

OK, what could be done for this?

I guess that askpass could store the password in the keyring if a flag is passed to it asking for it?

Would that be a viable solution?

The difficult part would be to detect a wrong password and not store it I guess?
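
Added example, not part of the original message and not cryptsetup or askpass code: one way to address the wrong-password concern is to store the passphrase only after the unlock step has reported success. The key type and description match the lookup quoted above; the user keyring as destination, the 150-second expiry, and the names `cache_passphrase` and `CACHE_SKIPPED` are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Values from <linux/keyctl.h>, repeated so no extra header is needed. */
#define KEYRING_USER        (-4L)  /* KEY_SPEC_USER_KEYRING */
#define CMD_REVOKE          3L     /* KEYCTL_REVOKE */
#define CMD_SET_TIMEOUT     15L    /* KEYCTL_SET_TIMEOUT */

#define CACHE_SKIPPED       0L     /* hypothetical: nothing was stored */
#define CACHE_TIMEOUT_SECS  150L   /* assumption: long enough to reach the login */

/*
 * Store the passphrase as a "user" key described "cryptsetup", the pair
 * the PAM module searches for. unlock_ok must be the result of the real
 * unlock attempt, so a mistyped passphrase never reaches the keyring.
 * Returns the key serial (> 0), CACHE_SKIPPED, or -errno on failure.
 */
long cache_passphrase(int unlock_ok, const char *pw, size_t len)
{
    long serial;

    if (!unlock_ok || pw == NULL || len == 0)
        return CACHE_SKIPPED;

    serial = syscall(SYS_add_key, "user", "cryptsetup", pw, len, KEYRING_USER);
    if (serial < 0)
        return -(long)errno;

    /* Let the key expire so the passphrase does not stay in kernel
     * memory for the lifetime of the system. */
    if (syscall(SYS_keyctl, CMD_SET_TIMEOUT, serial, CACHE_TIMEOUT_SECS) < 0) {
        long err = -(long)errno;
        /* No expiry could be set: revoke rather than leave it cached. */
        syscall(SYS_keyctl, CMD_REVOKE, serial);
        return err;
    }
    return serial;
}
```

The caller still owns the passphrase buffer and should wipe it once this function returns.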
