
Port PAM module from gnome-keyring

See ModularGnomeKeyring Fedora change proposal for background information.

TODO:

  • port PAM module from gnome-keyring
  • decouple unrelated gnome-keyring implementations from PAM implementation
  • remove existing tests
  • implement the new PAM tests based on pam_wrapper and libpamtest.
    • mock the control socket.
    • PAMTEST_AUTHENTICATE
  • update CI.
  • remove start_daemon and dependents.
  • separation of commits

New changes introduced to the PAM module:

  • Removed start_daemon and the dependent code altogether, because gnome-keyring-daemon is launched by systemd.
  • Replaced calls to pam_get_item to retrieve authentication tokens with pam_get_authtok.

PAM module test results summary:

  • GNOME OS Nightly:
    • Unlocks the default keyring during boot.
      • changes made to /lib/x86_64-linux-gnu/security/ do not persist after a reboot.
    • Unlocks the default keyring during logout/login.
  • Debian 12.2:
    • Unlocks the default keyring during boot.
    • Unlocks the default keyring during logout/login.
  • Fedora 39:
    • Unlocks the default keyring during boot.
      • gkr-pam: unable to locate daemon control file
      • this could be due to some configuration issue.
    • Unlocks the default keyring during logout/login.
Edited by Dhanuka Warusadura
