On 10/10/13 11:13, p10 wrote:
> autologin doesn't unlock the keyring. I think I
> understand more or less why that's happening

The reason is: libpam-gnome-keyring needs your password to decrypt the
keyring. Without your password, it just doesn't have enough information.

> Now my first question is - how does GDM store the password to autologin
> a specific user

It doesn't. GDM (or at least, enough of GDM) is a privileged process
running as root with full capabilities, and can do whatever it has been
configured to do, including changing its uid to you without asking for a
password first.

Login processes *usually* prompt for, and check, an "ordinary password"
first - but that's not required. They can equally well use a
one-time-password scheme like OATH[1], query a fingerprint reader[2], or
just say "yes" regardless[3]. When GDM has been configured to
auto-login, its policy for that user's login is "just say yes".

> when AFAIK the kernel handles user login services

The kernel doesn't handle user login services (at least, not on typical
Unix OSs like Linux and *BSD). The kernel allows processes with
appropriate capabilities[4] to become another user. That's all gdm has
to do.

    S

[1] more secure than ordinary passwords
[2] not actually very secure
[3] not at all secure
[4] approximately "running as root", although on a modern system,
    Linux capabilities (POSIX.1e draft capabilities) are also involved

_______________________________________________
desktop-devel-list mailing list
https://mail.gnome.org/mailman/listinfo/desktop-devel-list
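
What "changing its uid to you without asking for a password" amounts to at the system-call level, as an added example (not GDM's code and not part of the original message). The target uid/gid 65534 and the names `become`, `try_become` and `NOT_DROPPED` are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define NOT_DROPPED 255  /* hypothetical code: the identity switch was incomplete */

/* Child side: take on uid/gid the way a login process does. No password
 * is involved; the kernel only checks the caller's privileges
 * (CAP_SETGID and CAP_SETUID, approximately "running as root"). */
static int become(uid_t uid, gid_t gid)
{
    /* Groups first, uid last, and every return value is checked. */
    if (setgroups(1, &gid) != 0) return errno;
    if (setgid(gid) != 0) return errno;
    if (setuid(uid) != 0) return errno;
    /* The switch must be complete and irreversible for a non-root target. */
    if (getuid() != uid || geteuid() != uid) return NOT_DROPPED;
    if (uid != 0 && setuid(0) == 0) return NOT_DROPPED;
    return 0;
}

/* Run become() in a forked child so the caller keeps its own identity.
 * Returns 0 if the child became uid:gid, the errno value if the kernel
 * refused, NOT_DROPPED if the drop was incomplete, -1 if fork/wait failed. */
int try_become(uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(become(uid, gid));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Assumption: 65534 is the unprivileged "nobody" account. */
    int rc = try_become(65534, 65534);
    if (rc == 0)
        printf("euid %d: child became uid 65534, no password asked\n", (int)geteuid());
    else
        printf("euid %d: switch failed (code %d)\n", (int)geteuid(), rc);
    return 0;
}
```

Run as an ordinary user, the attempt fails with EPERM (code 1); run as root, the child becomes the target user without any credential being presented.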
