MX Linux Forum

chrispop99 wrote: Thu Dec 28, 2023 3:04 pm In the Wiki>rpi-tips, the Miscellaneous section mentions that if using auto-login, Chrome will ask for a password the first time after every session start, but it only does that now once after a new install. Can that Wiki entry be corrected to reflect the change?

Chris

That's probably about creating a new "Default" keyring, wehre it asks to enter twice a password for that new keying?
Not sure, why it would not ask next boot, b/c only PAM-module can unlock a login-keying, which was created by PAM at login witth password. So for autologin, PAM would not create und unlock the login-keyring.

@chrispop99 did you install the rpi-chromium-mods package by any chance?

dolphin_oracle wrote: Thu Dec 28, 2023 4:11 pm its supposed to ask for the keyring login if autologin is enabled. I can't say what hilariousness the rpi folks have done to chromium that might change expected behavior, and I'm not particularly worried about it.

my system asks everytime if I'm using autologin.

If always only autologin was enabled, PAM would not have created a login-keyring.
PAM can only unlock at login the "Login"-keyring. A new "Login" keyring will be created the first time with a password-login, e.g after logout/login.
In case if no login-keyring exists, the user would have been asked to enter password twice in order to create another, new, normal "Password"-keyring, to get the secrets stored.
You find in seahorse chrome Master-passwords stored within the deafauls Password-keyring.
Next time you login with password, it would offer you enable to unlock the normal Password-keyring at login.
Technically gnome-keying will save/store the protecting password of the Default/Password-keying
into the new Login-Keyring, and PAM will unlock the Login-keyring and gnome-keyring-daemon will provide the secretes stored in the additional normal Password-Keyring.
I'm nor clear, why without having a Login-keyring (due to autologin)
a normal Password-keying would have been unlocked.
But the way I check those is by using seahorse.

I can't confirm what Chris is seeing. A clean install with autologin enabled and I saw the two-entry box that fehlix mentions. Every other login/reboot requires a password when I launch the browser.

BTW: somehow RPi gets around all this, and I wonder again about that package we do not have installed: rpi-chromium-mods (need to check name again in a minute when I'm back on the Pi 5)

That is the correct name. I installed it and with a fresh boot (on autologin) I only have to sign in with first launch of browser, but not then with any further log out/in (I bet Chris had installed that earlier when I mentioned it). Apparently that mod also sets up Chromium as default browser (saw that in a post).

Jerry3904 wrote: Thu Dec 28, 2023 5:15 pm I can't confirm what Chris is seeing. A clean install with autologin enabled and I saw the two-entry box that fehlix mentions. Every other login/reboot requires a password when I launch the browser.

BTW: somehow RPi gets around all this, and I wonder again about that package we do not have installed: rpi-chromium-mods (need to check name again in a minute when I'm back on the Pi 5)

The only way I know would be to instruct chromium, to use the cleartext, unprotected secrets-store.
That stuff can be extraced in cleartext from the boot media, so you might tell the user
e.g in the RPi wiki with no protecting password chromium may be a privacy risk, b/c the secrets can be extracted by anyone, who have access the sd/usb without a password.
+++
Or you can get rid of the password by leaving it empty.
Now Cromium stores it's master password unprotected. An any secrets like web-login will be stored
with an unprotected master password. In case user have not disabled saving login-passwords,
all those secrets are now freely accessible with out any password.
At least something to mention in the wiki,in case to do uses this device for any web-login or other login.
and user might not be aware of the implications invovled

Check my post above yours.

Jerry3904 wrote: Thu Dec 28, 2023 4:48 pm So I should leave the Tips as it is, I guess, at least for now. @chrispop99 Were you testing that on the Pi 5 or the Pi 4?

About to do a new installation ...

Both.

Chris

dolphin_oracle wrote: Thu Dec 28, 2023 4:56 pm @chrispop99 did you install the rpi-chromium-mods package by any chance?

Nope.

Chris

Jerry3904 wrote: Thu Dec 28, 2023 5:36 pm Check my post above yours.

Yeah, no password means no protection.