Yubico Forum :: View topic - Yubikey 4 - Fedora 25 logon issue with GNOME keyring

auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth sufficient pam_yubico.so id=16 authfile=/etc/yubikeys
auth optional pam_gnome_keyring.so
auth include postlogin
account required pam_nologin.so
account include password-auth
password substack password-auth
-password optional pam_gnome_keyring.so use_authtok
session required pam_selinux.so close
session required pam_loginuid.so
session optional pam_console.so
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_namespace.so
session include password-auth
session optional pam_gnome_keyring.so auto_start
session include postlogin

Author:	erikindre [ Sat Feb 04, 2017 12:35 am ]
Post subject:	Yubikey 4 - Fedora 25 logon issue with GNOME keyring
Hi, I just purchased my Yubikey4 which I intended to use for one-factor authentication for logon to Fedora 25. I followed the instructions found here: http://blog.fpmurphy.com/2010/11/enable ... ra-14.html This works fine for the GDM password authentication. However, immediately after logon I get a GNOME keyring popup prompting me for the password to continue. I've never seen this prompt before. After entering my keyring password everything works fine, but the whole idea was to avoid having to write my password. My GNOME keyring password and my user logon password are identical. I'm a long time Linux user, but no expert on administration and configuration. What's causing this? Any suggestions on how to solve it? Here is my gdm-password file: Code: auth [success=done ignore=ignore default=bad] pam_selinux_permit.so auth sufficient pam_yubico.so id=16 authfile=/etc/yubikeys auth optional pam_gnome_keyring.so auth include postlogin account required pam_nologin.so account include password-auth password substack password-auth -password optional pam_gnome_keyring.so use_authtok session required pam_selinux.so close session required pam_loginuid.so session optional pam_console.so session required pam_selinux.so open session optional pam_keyinit.so force revoke session required pam_namespace.so session include password-auth session optional pam_gnome_keyring.so auto_start session include postlogin Thanks, Erik

Author:	mattlegitt [ Sat Feb 04, 2017 2:11 am ]
Post subject:	Re: Yubikey 4 - Fedora 25 logon issue with GNOME keyring
Hello Erik, It looks as though you may have typo in your config file I see a "-password optional pam_gnome_keyring.so use_authtok" if you were commenting it out it should be "#password optional pam_gnome_keyring.so use_authtok" Best Regards, Matthew Yubico Support

Author:	erikindre [ Sat Feb 04, 2017 3:55 am ]
Post subject:	Re: Yubikey 4 - Fedora 25 logon issue with GNOME keyring
I'm pretty confident I never edited this line. This is what it looked like originally, but I honestly don't know what the - symbol does. I did try to comment it out and that didn't make any difference. edit: I've tried anything including commenting this line out, and removing the "-", this makes no difference. I'm assuming the problem is that since there is no password authentication any more, GNOME keyring doesn't have any way to authenticate using the login password. I'm now trying to set a blank keyring password, but I can't find a way to make that work either.

Yubico Forum https://forum.yubico.com/

Yubikey 4 - Fedora 25 logon issue with GNOME keyring https://forum.yubico.com/viewtopic.php?f=23&t=2553	Page 1 of 1

Page 1 of 1	All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/