Port PAM module from gnome-keyring
See ModularGnomeKeyring Fedora change proposal for background information.
TODO:
-
port PAM module form gnome-keyring -
decouple unrelated gnome-keyring implementations from PAM implementation -
remove existing tests -
implement the new PAM tests based on pam_wrapper
andlibpamtest
.-
mock the control socket. -
PAMTEST_AUTHENTICATE
-
-
update CI. -
remove start_daemon
and dependents. -
separation of commits
New changes introduced to the PAM module:
- Removed
start_daemon
and the dependent code altogether. Because, gnome-keyring-daemon is launched by systemd. - Replaced calls to
pam_get_item
to retrieve authentication tokens withpam_get_authtok
.
PAM module test results summary:
-
GNOME OS Nightly :
-
Unlocks the default keyring during boot. - changes made to
/lib/x86_64-linux-gnu/security/
do not persist after a reboot.
- changes made to
-
Unlocks the default keyring during logout/login.
-
-
Debian 12.2 :
-
Unlocks the default keyring during boot. -
Unlocks the default keyring during logout/login.
-
-
Fedora 39 :
-
Unlocks the default keyring during boot. gkr-pam: unable to locate daemon control file
- this could be due to some configuration issue.
-
Unlocks the default keyring during logout/login.
-
Edited by Dhanuka Warusadura