use of gnome-keyring-daemon without X
I'm wondering if it is possible to use gnome-keyring-daemon without X. Normally it will present a graphical prompt in order to acquire a password for the keyring; is there a way around this? I'd like to be able to use Ubuntu One without having to start a graphical session and type in my password.
Solution 1:
You can use pam_gnome_keyring.so to start and unlock the daemon. GDM already does this; for login, you must configure it manually.
Add these lines to /etc/pam.d/login:
auth optional pam_gnome_keyring.so
session optional pam_gnome_keyring.so auto_start
If you log in without a password (SSH with Kerberos or public keys), this may work: (I haven't tested it)
echo -n "mypassword" | gnome-keyring-daemon --login
(You still need the daemon to be running - either started via PAM or with --daemonize.)
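Added example, not part of the answer above: the echo one-liner leaves the password literal in shell history or in a script file, so this sketch reads it from the terminal with echo off and pipes it to the same --login call. The names KEYRING_DAEMON, pid_alive, read_secret and unlock_keyring are hypothetical, and the GNOME_KEYRING_PID check assumes the variable was exported as in Solution 2's profile snippet.

```shell
#!/bin/sh
# Added example; KEYRING_DAEMON, pid_alive, read_secret and unlock_keyring are hypothetical names.
KEYRING_DAEMON=${KEYRING_DAEMON:-gnome-keyring-daemon}

# Succeed only if $1 is a numeric PID of a process we may signal.
pid_alive() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    kill -0 "$1" 2>/dev/null
}

# Read one line into SECRET; on a terminal, prompt with echo switched off.
read_secret() {
    SECRET=
    if [ -t 0 ]; then
        saved_tty=$(stty -g)
        trap 'stty "$saved_tty"; exit 130' INT TERM
        stty -echo
        printf 'Keyring password: ' >&2
        IFS= read -r SECRET
        stty "$saved_tty"
        trap - INT TERM
        printf '\n' >&2
    else
        IFS= read -r SECRET || [ -n "$SECRET" ]
    fi
}

# Pipe the password to the daemon's stdin, as in the answer's --login call.
unlock_keyring() {
    # Solution 2's profile snippet exports GNOME_KEYRING_PID; reject a stale one.
    if [ -n "${GNOME_KEYRING_PID:-}" ] && ! pid_alive "$GNOME_KEYRING_PID"; then
        echo "keyring daemon pid '$GNOME_KEYRING_PID' is not running" >&2
        return 1
    fi
    read_secret || return 1
    if [ -z "$SECRET" ]; then
        echo "empty password, not unlocking" >&2
        return 1
    fi
    # printf is a builtin in bash and dash, so the secret never enters an argv.
    printf '%s' "$SECRET" | "$KEYRING_DAEMON" --login
    rc=$?
    unset SECRET
    return "$rc"
}
```

Source the file and call unlock_keyring once the daemon is running; the password is held only in a shell variable that is unset after the pipe completes.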
Solution 2:
Synopsis
The requisite jobs of installing svn with keyring support and installing the Collabnet keyring_tool application are already performed for our Linux servers.
1) Configure SVN client to use keyring:
1.1) Edit ~/.subversion/config
[auth]
password-stores = gnome-keyring
1.2) Edit ~/.subversion/servers
[global]
store-passwords = yes
store-plaintext-passwords = no
2) Create a keyring for your password. You will be prompted to create a new password to unlock the keyring; this may be anything you wish:
keyring_tool --create=svn
3) Set the new keyring as the default:
keyring_tool --setdef=svn
4) In .bash_profile or .bash_login (assuming you are using bash as your terminal)
if [ -e /usr/bin/gnome-keyring-daemon ]; then
    if [ ! -z "`kill -0 $GNOME_KEYRING_PID 2>&1`" ]; then
        # Create dbus transport link for SVN to talk to the keyring.
        eval `dbus-launch --sh-syntax`
        # Start the keyring daemon.
        # The use of export here captures the GNOME_KEYRING_PID, GNOME_KEYRING_SOCK
        # env values echoed out at startup.
        export `/usr/bin/gnome-keyring-daemon`
    fi
fi
5) In .bash_logout
# Kill the message bus established for SVN / Keyring communication,
# but only if the recorded PID is still a live process.
if [ -n "$DBUS_SESSION_BUS_PID" ] && kill -0 "$DBUS_SESSION_BUS_PID" 2>/dev/null; then
    kill "$DBUS_SESSION_BUS_PID" > /dev/null 2>&1
fi
# Kill the Gnome Keyring Daemon prior to logout.
if [ -n "$GNOME_KEYRING_PID" ] && kill -0 "$GNOME_KEYRING_PID" 2>/dev/null; then
    kill "$GNOME_KEYRING_PID" > /dev/null 2>&1
fi
Background
I ran into a similar problem while trying to establish a hassle-free way to ensure authorized user access to certain SVN repos at work. Basically, we had to force credential checking every time a user accesses the server, so even the svn update command would require authentication. Clearly, plain text password storage was out, so with a little research I came upon using the gnome-keyring as a way around harassing our user base with constant authentication requests while still keeping unauthorized users out of repositories they should not have access to view.
Much of our day to day work is done via ssh tunnels into a RedHat server w/o X support so I had to find a way around the X11 support. After some searching I managed to find the way around it here:
Source Material
http://support.wandisco.com/index.php?/Knowledgebase/Article/View/362/17/how-to-setup-encrypted-svn-password-storage-using-gnome-keyring-in-an-ssh-session
The key here is using the Collabnet keyring_tool to create a keyring without the gnome-keyring-manager client and establishing the dbus-launch yourself rather than letting SVN handle the setup. SVN uses DBUS to connect to the gnome-keyring-daemon and effect the overall authentication. By manually starting and tearing down the dbus session with --sh-syntax you avoid trying to connect to an X client on dbus startup. If you just start the gnome-keyring-daemon and attempt to use SVN, it will still prompt you for your keyring password but then will prompt you for your SVN credentials as well. The dbus will fail when SVN tries to start it because of the lack of an X client; apparently SVN does not use any special flags when starting the dbus.