Yes, with auto-login enabled you would need to manually unlock the login-keyring.michaelbr wrote: Thu Jan 28, 2021 2:28 am ps: I set to automatically login, this has something to do with asking for password?
Gnome-keyring - unlocked
Re: Gnome-keyring - unlocked
Re: Gnome-keyring - unlocked
Thanks so much for your patience and feedback.fehlix wrote: Thu Jan 28, 2021 8:35 am Yes, with auto-login enabled you would need to manually unlock the login-keyring.
AMD Ryzen 5 Pro 2500U, 16GB, 512 SSD, 1TB HDD, MX23.2
Thanks so much for your comment/suggestion
Michael
Thanks so much for your comment/suggestion
Michael
Re: Gnome-keyring - unlocked
I have made the following experiment. My question is: Is this the normal behaviour?
1. I use auto-login
2. I have one key-ring. It is default and has auto unlock when I log me in manually.
Now I have made this:
0. the default key-ring is unlocked.
1. Added an additional key-ring. Name "experiment", password: "123456"
2. in Seahorse: locked the key-ring "experiment"
3. unlocked the key-ring "experiment"
4. entered the password "123456"
5. checked the text: "Automatically unlock this key ring when logging in"
6. both key-rings are unlocked now
7. log out. log in. (NOT a new boot)
8. My expectation was, that now both key-rings are unlocked. But only the default key-ring is unlocked.
Is this as it should be?
9. Now I open Seahorse
10. try to unlock the key-ring "experiment"
11. -> This works without asking for any password
Is this the way it should work?
Thank you.
Edit: The behaviour is the same, after having added a new password entry into the key-ring "experiment".
1. I use auto-login
2. I have one key-ring. It is default and has auto unlock when I log me in manually.
Now I have made this:
0. the default key-ring is unlocked.
1. Added an additional key-ring. Name "experiment", password: "123456"
2. in Seahorse: locked the key-ring "experiment"
3. unlocked the key-ring "experiment"
4. entered the password "123456"
5. checked the text: "Automatically unlock this key ring when logging in"
6. both key-rings are unlocked now
7. log out. log in. (NOT a new boot)
8. My expectation was, that now both key-rings are unlocked. But only the default key-ring is unlocked.
Is this as it should be?
9. Now I open Seahorse
10. try to unlock the key-ring "experiment"
11. -> This works without asking for any password
Is this the way it should work?
Thank you.
Edit: The behaviour is the same, after having added a new password entry into the key-ring "experiment".
Re: Gnome-keyring - unlocked
Yes, the one keyring which is a the "login" keyring (regardless of the names shown) will be unlocked at login.Duliwi wrote: Fri Mar 05, 2021 9:10 am I have made the following experiment. My question is: Is this the normal behaviour?
1. I use auto-login
2. I have one key-ring. It is default and has auto unlock when I log me in manually.
Now I have made this:
0. the default key-ring is unlocked.
1. Added an additional key-ring. Name "experiment", password: "123456"
2. in Seahorse: locked the key-ring "experiment"
3. unlocked the key-ring "experiment"
4. entered the password "123456"
5. checked the text: "Automatically unlock this key ring when logging in"
6. both key-rings are unlocked now
7. log out. log in. (NOT a new boot)
8. My expectation was, that now both key-rings are unlocked. But only the default key-ring is unlocked.
Is this as it should be?
9. Now I open Seahorse
10. try to unlock the key-ring "experiment"
11. -> This works without asking for any password
Is this the way it should work?
Thank you.
Edit: The behaviour is the same, after having added a new password entry into the key-ring "experiment".
The login-keyring can only be unlocked at login, when both user-login-password and the password of the login-kyring are identical. Now, the login keyinring can hold normal passwords but also passwords from other keyrings.
Liek in you example the "experiment" keyring it protected by it's own password. But you was prompted with the question "Automatically unlock this key ring when logging in", and by accepting it, the system stored the password of the experiment-keyring into the login-keyring. What happens: As soon as an application ( or you manually) try to access the "experiment"-keyring it checks whther this can be automtically unlocked. It can, as long as you have stored it password with the login-keyring. Try to remove the experiment-password from the login-keyring, and it will not unlock anymore without entering the correct experiment-password.

[Klare Sache und damit hopp!]
Re: Gnome-keyring - unlocked
Thank you @fehlix

Indeed. I did not realise that until now.fehlix wrote: Fri Mar 05, 2021 11:55 am ... you was prompted with the question "Automatically unlock this key ring when logging in", and by accepting it, the system stored the password of the experiment-keyring into the login-keyring.
- LibertyLinux
- Posts: 62
- Joined: Tue Aug 11, 2020 1:10 am
Re: Gnome-keyring - unlocked
As far as I can tell this guide allows me to not have to enter my login password of the PC whenever I use Thunar to connect to my local nas. I still have to enter the login to the nas however so I'm not quite sure how exactly useful it really is at this time. I spent 20m trying to understand the 1st post, which btw should be upodated (libpam-gnome-keyring does not need to be installed anymore), and was trying to autologin to the nas with no success.
When I first unlocked the "Login" ring it added an entry for the nas and I hadn't even logged into it yet. VERY confusing.
I created a 2nd keyring to correspond to the nas but that is also confusing. Is the name the address because the only other option is the password?, and of course the "automatically log me in" option does nothing, because it simply doesn't.
Very confusing. 30 m later and now under the 'default' "Login" keyring I have 2 entries: one titled admin@mynas.local, and the other "Unlock password for: smb://admin@mynas.local/. Yet if I log out and back in (Login is unlocked) it prompts me to enter the nas login credentials. Seriously?
If it's unlocked does this mean it automatically stores passwords because automatically logging in isn't working. OR, do I have to create a send ring to incl. the nas that specifically states autologin (didn't work before???)
Like I said, networking is not my forte. I may as well delete what I did cause having to type my login and the nas credentials is simpler than spending 30m trying to figure out seahorse and getting nowhere.
After logging out and in 5 times, and after rebooting 5 times, all I can figure is to simply unlock the "Login" keyring, login to nas (this creates a key entry) and tell it to remember forvever, create a second keyring for nas titled admin@mynas.local and call it a day. I still have to login to the nas on reboots. Logging in and out is simply entering the password which I was trying NOT to do. On boot It STILL makes me login to the nas. USELESS OMG
Seahorse is more like an exercise (a futile one) in entering passwords and rebooting.
Back to square 1. Only difference is I'm logged in, I'm logged into nas, and the "Login" keyring is unlocked with zero entries. No matter what I try it asks me to login to the nas EVERY SINGLE TIME I reboot. I seriously cannot believe it won't allow thunar to login by itself. Who knows whatever
When I first unlocked the "Login" ring it added an entry for the nas and I hadn't even logged into it yet. VERY confusing.
I created a 2nd keyring to correspond to the nas but that is also confusing. Is the name the address because the only other option is the password?, and of course the "automatically log me in" option does nothing, because it simply doesn't.
Very confusing. 30 m later and now under the 'default' "Login" keyring I have 2 entries: one titled admin@mynas.local, and the other "Unlock password for: smb://admin@mynas.local/. Yet if I log out and back in (Login is unlocked) it prompts me to enter the nas login credentials. Seriously?
If it's unlocked does this mean it automatically stores passwords because automatically logging in isn't working. OR, do I have to create a send ring to incl. the nas that specifically states autologin (didn't work before???)
Like I said, networking is not my forte. I may as well delete what I did cause having to type my login and the nas credentials is simpler than spending 30m trying to figure out seahorse and getting nowhere.
After logging out and in 5 times, and after rebooting 5 times, all I can figure is to simply unlock the "Login" keyring, login to nas (this creates a key entry) and tell it to remember forvever, create a second keyring for nas titled admin@mynas.local and call it a day. I still have to login to the nas on reboots. Logging in and out is simply entering the password which I was trying NOT to do. On boot It STILL makes me login to the nas. USELESS OMG
Seahorse is more like an exercise (a futile one) in entering passwords and rebooting.
Back to square 1. Only difference is I'm logged in, I'm logged into nas, and the "Login" keyring is unlocked with zero entries. No matter what I try it asks me to login to the nas EVERY SINGLE TIME I reboot. I seriously cannot believe it won't allow thunar to login by itself. Who knows whatever
Re: Gnome-keyring - unlocked
It works here out of the box. Actually just tested with my NAS using with ftp or smb protocoll and on MX 19.4. LiveISO.
The easiest to test and find the culprit might be, boot from latest LiveISO/USB. As it defaults to autologin
do logout/login to have a login-keyring generated. The way I'm testing is just by booting VirtualBox with networkbridge and attached MX LiveISO. And it stores credentials for both NAS-ftp and NAS-smb.
To start from scratch just remove the existing keyrings ( rm ~/.local/share/keyrings/* )
and logout login again.
If still not working you might consider to give more details. Or if something not yet clear, do formulate it as a specific question, which I can understand and potentially find an answer.

The easiest to test and find the culprit might be, boot from latest LiveISO/USB. As it defaults to autologin
do logout/login to have a login-keyring generated. The way I'm testing is just by booting VirtualBox with networkbridge and attached MX LiveISO. And it stores credentials for both NAS-ftp and NAS-smb.
To start from scratch just remove the existing keyrings ( rm ~/.local/share/keyrings/* )
and logout login again.
If still not working you might consider to give more details. Or if something not yet clear, do formulate it as a specific question, which I can understand and potentially find an answer.

- LibertyLinux
- Posts: 62
- Joined: Tue Aug 11, 2020 1:10 am
Re: Gnome-keyring - unlocked
Thanks. I remember, not even sure exactly when, but I had checked a gnome-keyring? box in the boot/sessions dialog one time and then on reboot it asked for a keyring password (3rd password?) you enter only once per session, I think, I really don't remember. I did not have a nas or network then. If I check the last box in sessions, some keyring thing, I do not get any prompts after booting that anything has changed. I'm aware of having a keyring password but do not want to have an arbitrary time at which it pops up. If I need to, or it's useful to use it, I want it to be the very next thing I do after I login to password safe when booting. Shoots I don't really know what the keyring does (for me) at this point. I can't quite figure out the seahorse nonsense.
I literally had 2 "login" keyrings going at once when I checked seahorse yesterday and deleted one. I did not mess with seahorse at all as I had 'reset' it and it just created a 2nd entry all on it's own. Could be my network config. I'm running a wireguard vpn but I generally connect to the same ap using the same browser, thunar, or DC, though either works (the nas has it's own AP). The nas does use a website cert but I'm not sure that has anything to do with seahorse stuff lol.
Once your login keyring creates entries do you lock it, reboot, and are then prompted for the keyring password? As far as I know I have never created one on this device. I was running it unlocked. Please excuse me if It's confusing because it really is. A simple one time per session entry to NOT have to constantly enter a network login would be great. And why if I hadn't even connected to my nas would editing the blank login keyring automatically populate it with my nas entry? That makes no sense at all. Unless the data is hidden of course.
I literally had 2 "login" keyrings going at once when I checked seahorse yesterday and deleted one. I did not mess with seahorse at all as I had 'reset' it and it just created a 2nd entry all on it's own. Could be my network config. I'm running a wireguard vpn but I generally connect to the same ap using the same browser, thunar, or DC, though either works (the nas has it's own AP). The nas does use a website cert but I'm not sure that has anything to do with seahorse stuff lol.
Once your login keyring creates entries do you lock it, reboot, and are then prompted for the keyring password? As far as I know I have never created one on this device. I was running it unlocked. Please excuse me if It's confusing because it really is. A simple one time per session entry to NOT have to constantly enter a network login would be great. And why if I hadn't even connected to my nas would editing the blank login keyring automatically populate it with my nas entry? That makes no sense at all. Unless the data is hidden of course.
Re: Gnome-keyring - unlocked
OK, I may see some confusion.LibertyLinux wrote: Thu May 13, 2021 9:51 am Thanks. I remember, not even sure exactly when, but I had checked a gnome-keyring? box in the boot/sessions dialog one time and then on reboot it asked for a keyring password (3rd password?) you enter only once per session, I think, I really don't remember. I did not have a nas or network then. If I check the last box in sessions, some keyring thing, I do not get any prompts after booting that anything has changed. I'm aware of having a keyring password but do not want to have an arbitrary time at which it pops up. If I need to, or it's useful to use it, I want it to be the very next thing I do after I login to password safe when booting. Shoots I don't really know what the keyring does (for me) at this point. I can't quite figure out the seahorse nonsense.
I literally had 2 "login" keyrings going at once when I checked seahorse yesterday and deleted one. I did not mess with seahorse at all as I had 'reset' it and it just created a 2nd entry all on it's own. Could be my network config. I'm running a wireguard vpn but I generally connect to the same ap using the same browser, thunar, or DC, though either works (the nas has it's own AP). The nas does use a website cert but I'm not sure that has anything to do with seahorse stuff lol.
Once your login keyring creates entries do you lock it, reboot, and are then prompted for the keyring password? As far as I know I have never created one on this device. I was running it unlocked. Please excuse me if It's confusing because it really is. A simple one time per session entry to NOT have to constantly enter a network login would be great. And why if I hadn't even connected to my nas would editing the blank login keyring automatically populate it with my nas entry? That makes no sense at all. Unless the data is hidden of course.
Note Seahorse is just a tool for viewing/accessing all kinds of keyrings like pgp/gpg and also gnome-keyrings and some more.
You can even uninstall seahorse, it would not change the functionality of the login-keyring mechanism.
Further, to make auto-unlock gnome-keyring working: not the user but the pam-authentication plugin will create a login-keyring at first login, when no login-keying is available. A user cannot create a "login"-keying only PAM can do.
Please do this, to make/check login-keyring mechanism works:
-> Close "all" apps.
-> Remove all keyrings/files under ~/.local/share/keyrings
-> logout and login from the X-session.
Check pam has create a new keyring:
Code: Select all
ls -l ~/.local/share/keyrings
E.g. some chromium based browser, like vivaldi, chrome/chromium do save a "master" key into gnome-keyring.
check with seahorse those app#s just created an entry
Code: Select all
seahorse
- LibertyLinux
- Posts: 62
- Joined: Tue Aug 11, 2020 1:10 am
Re: Gnome-keyring - unlocked
I believe that did the trick. I deleted the default "Login" ring (it then listed 12 keyrings when before it was 16), logged out & in. When I went to login to my nas it wanted to create a new keyring password. If you can believe this, I'd been using my actual login every time it would ask for a password (it never asked to create a new keyring password for some reason-maybe I missed it), so deleting everything worked. Finally. At least now my 3 passwords are working as they should be and most importantly I'm not using my login password as the keyring password.
Thank you so much sir.
MX ROXS! as usual
Thank you so much sir.
MX ROXS! as usual