Thanks for the explanation, so the problem is not trivial. But it still stands - people are setting empty passwords to avoid entering a password every time + the auto-login option becomes practically obsolete when using the keyring. So where do I further the discussion on that - a bug, a blueprint?
Petko

On Thu, 2013-10-10 at 11:33 +0100, Simon McVittie wrote:
> On 10/10/13 11:13, p10 wrote:
> > autologin doesn't unlock the keyring. I think I
> > understand more or less why that's happening
>
> The reason is: libpam-gnome-keyring needs your password to decrypt the
> keyring. Without your password, it just doesn't have enough information.
>
> > Now my first question is - how does GDM store the password to autologin
> > a specific user
>
> It doesn't. GDM (or at least, enough of GDM) is a privileged process
> running as root with full capabilities, and can do whatever it has been
> configured to do, including changing its uid to you without asking for a
> password first.
>
> Login processes *usually* prompt for, and check, an "ordinary password"
> first - but that's not required. They can equally well use a
> one-time-password scheme like OATH[1], query a fingerprint reader[2], or
> just say "yes" regardless[3]. When GDM has been configured to
> auto-login, its policy for that user's login is "just say yes".
>
> > when AFAIK the kernel handles user login services
>
> The kernel doesn't handle user login services (at least, not on typical
> Unix OSs like Linux and *BSD). The kernel allows processes with
> appropriate capabilities[4] to become another user. That's all gdm has
> to do.
>
> S
>
> [1] more secure than ordinary passwords
> [2] not actually very secure
> [3] not at all secure
> [4] approximately "running as root", although on a modern system,
> Linux capabilities (POSIX.1e draft capabilities) are also involved
>
> _______________________________________________
> desktop-devel-list mailing list
> [email protected]
> https://mail.gnome.org/mailman/listinfo/desktop-devel-list
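
The separation described in the quoted reply (a privileged login manager can start a session without any password, while the keyring can only be decrypted with it), as an added example that is not part of the thread and is not GDM or gnome-keyring code. It is a simplified model: `derive_key`, `seal_keyring`, `unlock_keyring`, `login` and the toy SHAKE-based stream cipher are assumptions made for illustration, not the real keyring format.

```python
import hashlib
import hmac
import os

def derive_key(password: str, salt: bytes) -> bytes:
    # 64 bytes: first half encrypts, second half authenticates.
    # This key material can only be produced while the password is known.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)

def _xor(data: bytes, enc_key: bytes) -> bytes:
    # Toy stream cipher for the model only (assumption, not the keyring's cipher).
    stream = hashlib.shake_256(enc_key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_keyring(password: str, secrets: bytes) -> dict:
    """Encrypt-then-MAC the secrets under a password-derived key."""
    salt = os.urandom(16)
    key = derive_key(password, salt)
    ct = _xor(secrets, key[:32])
    return {"salt": salt, "ct": ct,
            "tag": hmac.new(key[32:], ct, hashlib.sha256).digest()}

def unlock_keyring(blob: dict, password):
    """Return the plaintext, or None if no password or the wrong one is supplied."""
    if password is None:
        return None  # nothing to derive the key from
    key = derive_key(password, blob["salt"])
    tag = hmac.new(key[32:], blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    return _xor(blob["ct"], key[:32])

def login(policy, typed_password, stored_hash, hash_salt, blob) -> dict:
    """Privileged login manager: its auth policy is independent of keyring unlock."""
    if policy == "autologin":
        # "just say yes": the session starts, but no password was ever seen.
        authenticated, seen = True, None
    else:
        authenticated = typed_password is not None and hmac.compare_digest(
            derive_key(typed_password, hash_salt), stored_hash)
        seen = typed_password if authenticated else None
    plaintext = unlock_keyring(blob, seen) if authenticated else None
    return {"session": authenticated, "keyring_unlocked": plaintext is not None}
```
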
