[SOLVED] What keyring is in slack current and how to access it

phalange · 04-14-2020, 09:20 AM

I get popups about

Quote:

An application wants to create a new keyring called 'Default Keyring'

I've found plenty online about simply hitting 'enter' and having an empty password keyring and the prompts go away.

That's not what I want to do.

Rather, I'd like to know: What app controls the keyring? Is it gnome-keyring? It's installed but doesn't appear to have any configuration options at all. Seahorse is not on the system.

If there's an embedded keyring daemon running, I'd like to be able to configure it. Any suggestions?

Gordie · 04-14-2020, 01:46 PM

Need more info. KDE? XFCE? ?

phalange · 04-14-2020, 03:30 PM

Quote:

Originally Posted by Gordie

Need more info. KDE? XFCE? ?

XFCE

Skaendo · 04-14-2020, 04:09 PM

It might not be best practice, but I turn gnome-keyring off.

Code:

# chmod -x $(type -p gnome-keyring-daemon)

I just find it annoying.

Richard Cranium · 04-14-2020, 04:25 PM

Quote:

Originally Posted by phalange

I get popups about

I've found plenty online about simply hitting 'enter' and having an empty password keyring and the prompts go away.

That's not what I want to do.

Rather, I'd like to know: What app controls the keyring? Is it gnome-keyring? It's installed but doesn't appear to have any configuration options at all. Seahorse is not on the system.

If there's an embedded keyring daemon running, I'd like to be able to configure it. Any suggestions?

It's gnome-keyring-daemon. Take a look at the autostarted services in Applications -> Settings -> Session and Startup -> Application Autostart

I haven't seen any way to configure it other than command line options (maybe DBus can, but I haven't looked into that).

phalange · 04-14-2020, 05:14 PM

Quote:

Originally Posted by Skaendo

I just find it annoying.

Me too, mostly since I don't want to dump passwords into some black hole.

Quote:

Originally Posted by Richard Cranium

It's gnome-keyring-daemon.

Interestingly neither the "Certificate and Key Storage" nor the "Secret Storage Service" are enabled in session startup. And yet this thing comes alive every time Nextcloud loads (and sometimes with Brave Browser logging into Google).

I just checked htop, and the daemon is running. I may have to use skaendo's suggestion and kill it at the source. It's utterly useless if I can't control it.

Gordie · 04-14-2020, 05:18 PM

Quote:

Originally Posted by phalange

XFCE

Look in ~/config/autostart for gnome-keyring-gpg.desktop

Change it to read

Code:

[Desktop Entry]
Type=Application
Hidden=true

phalange · 04-14-2020, 05:20 PM

Quote:

Originally Posted by Gordie

Look in ~/config/autostart for gnome-keyring-gpg.desktop

Change it to read

Code:

[Desktop Entry]
Type=Application
Hidden=true

I see, so this effectively mutes it?

Gordie · 04-14-2020, 06:02 PM

Quote:

Originally Posted by phalange

I see, so this effectively mutes it?

Mine is muted and that is copied from my file.
Oh,make it non-executable

Richard Cranium · 04-14-2020, 06:39 PM

Quote:

Originally Posted by phalange

Interestingly neither the "Certificate and Key Storage" nor the "Secret Storage Service" are enabled in session startup. And yet this thing comes alive every time Nextcloud loads (and sometimes with Brave Browser logging into Google).

DBus is probably doing its magic under the covers.

You can launch qdbusviewer-qt5 and look in the Session Bus tab; you'll find both org.freedesktop.secrets and org.gnome.keyring in there.

You can double-click on leaves in the Methods panel to see what DBus knows about your session.

phalange · 04-14-2020, 07:23 PM

Thanks everyone. The Zombie Keyring is going down.

Skaendo · 04-14-2020, 07:42 PM

Quote:

Originally Posted by phalange

Thanks everyone. The Zombie Keyring is going down.

If you kill it like I do, you'll need to stop it or reboot for it to take effect.

Gordie · 09-17-2021, 07:33 PM

Quote:

Originally Posted by Skaendo

It might not be best practice, but I turn gnome-keyring off.

Code:

# chmod -x $(type -p gnome-keyring-daemon)

I just find it annoying.

My method didn't work this time but this method works

BernieK · 10-03-2021, 04:57 PM

Similar concern; gnome-keyring-daemon unexpectedly appeared in the process list for my Slackware box:

Code:

$ ps -e f | grep gnome-keyring | grep -v grep
 3150 ?        Sl     0:00 /usr/bin/gnome-keyring-daemon --start --foreground --components=secrets

A little grepping found two dbus files (contents below) for starting gnome-keyring-daemon with the arguments shown in the above process list extract:

Code:

$ cat /usr/share/dbus-1/services/org.freedesktop.secrets.service
[D-BUS Service]
Name=org.freedesktop.secrets
Exec=/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets

$ cat /usr/share/dbus-1/services/org.gnome.keyring.service
[D-BUS Service]
Name=org.gnome.keyring
Exec=/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets

Commenting-out the "Exec" lines in the two *.service files above (or replacing them with "Exec=/usr/bin/false") may be a "chmod -x" alternative to prevent gnome-keyring-daemon from starting. I unfortunately am unable to determine whether this alternative really works since gnome-keyring-daemon has not again magically started.

Why gnome-keyring-daemon was started during my previous X Window session is unknown, though I suspect Mozilla Thunderbird triggered it given Thunderbird is the only process on my Slackware box that cares about dbus (and will start dbus-launch and thus dbus-daemon on its own if/when those processes do not exist).

Code:

$ cat slackware-version
Slackware 14.2
$ uname -srvmo
Linux 4.4.276 #1 SMP Tue Jul 20 23:23:58 CDT 2021 x86_64 GNU/Linux

BernieK · 12-23-2023, 02:29 PM

The problem recurred, making it easier to solve.

Editing the two pam_gnome_keyring.so associated records in the /etc/pam.d/system-auth file such that the keyring is only applied under specific window managers eliminates the problem. That file's two sections containing those two records are copied below for convenient reference. I do not need gnome-keyring, and I am using fvwm, so each associated record's only_if argument limits the keyring to running only under the listed window managers - of which in my case fvwm is intentionally omitted:

Code:

	##################
	# Authentication #
	##################
	auth        required      pam_env.so
	auth        optional      pam_group.so
	auth        required      pam_unix.so likeauth nullok
	-auth       optional      pam_gnome_keyring.so  only_if=gdm,sddm,xdm

	#########################
	# Session Configuration #
	#########################
	# This applies the limits specified in /etc/security/limits.conf
	session     required      pam_limits.so
	session     required      pam_unix.so
	#session     required     pam_lastlog.so showfailed
	#session     optional     pam_mail.so standard
	-session     optional     pam_gnome_keyring.so auto_start  only_if=gdm,sddm,xdm