Comment 61 for bug 137247

Omegamormegil (omegamormegil) wrote : Re: [Bug 137247] Re: libpam-keyring broken on autologins

I've been informed by the friendly people in the #ubuntu+1 channel on IRC
that Network Manager in Intrepid does not currently save the wireless
network keys. You have to enter them every time you start Ubuntu. I was
told it was a very common known issue which was expected to be fixed in time
for the Intrepid beta release.

On Thu, Sep 25, 2008 at 7:57 PM, Martin Pool <email address hidden> wrote:

> > Solved in Ubuntu Hardy Heron 8.04 with these steps:
> > 1) System - Administration - Login window: Security tab, Enable automatic login and select your user
> > 2) Delete files: rm ~/.gnome2/keyrings/*
> >
> > When you restart the system, write the WEP password for your wifi and don't use a password in the keyring.
>
> Is there any way to change the keyring password without deleting the
> whole keyring? In intrepid there does not seem to be any utility to
> manage the keyring, though there was in hardy.
>
> --
> libpam-keyring broken on autologins
> https://bugs.launchpad.net/bugs/137247
>
> Status in GNOME keyring services: Invalid
> Status in "gdm" source package in Ubuntu: Confirmed
> Status in "pam-keyring" source package in Ubuntu: Won't Fix
> Status in "gdm" source package in Baltix: New
>
> Bug description:
> Binary package hint: libpam-keyring
>
> This is on up-to-date Gutsy:
>
> libpam-keyring doesn't work correctly when set-up together with gdm's
> autologin feature.
>
> As expected, GDM automatically logs in the correct user. However,
> libpam-keyring fails to retrieve the user's password (probably because it
> wasn't entered) and instead displays a dialog box asking for it, which
> defeats the purpose of the plugin. Instead, if the password isn't available
> it should just do nothing (perhaps log a message somewhere) and allow the
> normal keyring unlocking to work (eg, let Network Manager ask for the
> password when it needs it). This locks the loading process, which is very
> annoying.
>
> Also, the dialog where libpam-keyring asks for the password does NOT mask
> the entered password (eg, with asterisks), making it visible on the screen.
> That's why I'm marking this as a (minor) security vulnerability.
>
> Note: of course this can be worked-around by simply disabling the plugin in
> /etc/pam.d/gdm-autologin (and it doesn't put itself there), but it's still
> buggy behavior.
>
> It's likely that libpam cannot actually retrieve the password on autologins
> (I assume GDM just "su -"s into the username, so it doesn't actually know
> the password), in which case this should be attached as a "wishlist" bug for
> GDM or gnome-keyring. For instance, gnome-keyring might allow itself to be
> unlocked by the "root" user as an optional, lower-security feature.
>
> Here's my config:
>
> $ cat /etc/pam.d/gdm-autologin
> #%PAM-1.0
> auth requisite pam_nologin.so
> auth required pam_env.so readenv=1
> auth required pam_env.so readenv=1 envfile=/etc/default/locale
> auth required pam_permit.so
> auth optional pam_keyring.so try_first_pass
> @include common-account
> session required pam_limits.so
> session optional pam_keyring.so
> @include common-session
> @include common-password
>
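
The workaround mentioned in the quoted bug description (disabling the plugin in /etc/pam.d/gdm-autologin), as an added example that is not part of the original message or of any project's code: it parses a PAM service file, lists the active pam_keyring.so rules, and returns a copy with those rules commented out. The sample input is constructed from the config quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: the gdm-autologin stack quoted in the bug description.
SAMPLE = """\
#%PAM-1.0
auth requisite pam_nologin.so
auth required pam_env.so readenv=1
auth required pam_env.so readenv=1 envfile=/etc/default/locale
auth required pam_permit.so
auth optional pam_keyring.so try_first_pass
@include common-account
session required pam_limits.so
session optional pam_keyring.so
@include common-session
@include common-password
"""

# type, control (plain word or bracketed "[value=action ...]"), module, args
RULE = re.compile(
    r"^\s*-?(auth|account|session|password)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$"
)

def parse_rules(text):
    """Yield (line_no, type, control, module, args) for active rules only."""
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out rules are inactive
        m = RULE.match(line)  # @include and blank lines do not match
        if m:
            yield no, m.group(1), m.group(2), m.group(3), m.group(4).split()

def keyring_rules(text, module="pam_keyring.so"):
    """Active rules that load the given module (bare name or full path)."""
    return [r for r in parse_rules(text) if r[3].split("/")[-1] == module]

def disable_module(text, module="pam_keyring.so"):
    """Return the file content with every active rule for `module` commented out."""
    hits = {r[0] for r in keyring_rules(text, module)}
    lines = text.splitlines()
    out = ["# " + l if n in hits else l for n, l in enumerate(lines, 1)]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for no, typ, control, mod, args in keyring_rules(SAMPLE):
        print(f"line {no}: {typ} {control} {mod} {' '.join(args)}")
    print(disable_module(SAMPLE), end="")
```

Run it against a copy of the service file and review the output before replacing anything under /etc/pam.d.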