pam authentication for keyring with thinkfinger

Blue_Ice · 02-03-2008, 10:52 AM

Hi all,

I need some help. I have been trying to figure out how to set up thinkfinger to log in and grant access to the keyring. I can get thinkfinger running, but after that I need to enter my password to access the keyring. I also was able to log in with a password (not using pam_thinkfinger.so). After that I can log in and get access to my keyring. When I try to combine both the closest I get is that at the log on prompt I have to enter my password, followed by entering my password again or swipe my finger over the scanner.
I read on several pages that this would be a bug in gnome_keyring_pam, but I am not using that (although tried it). I followed the guides I found about this subject, but none really talked about this issue. Does anyone know how I can get to log on with thinkfinger and after that pass the authentication to the keyring by just logging in once? I am using Fedora 8 on a Lenovo Thinkpad T61p. Below you can find my system-auth and gdm.

System-auth:

Code:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth	    sufficient	  pam_thinkfinger.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

Gdm:

Code:

#%PAM-1.0
auth     [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth       required    pam_env.so
auth	   optional    pam_keyring.so try_first_pass
auth       include     system-auth
#auth       optional    pam_gnome_keyring.so
account    required    pam_nologin.so
account    include     system-auth
password   include     system-auth
session    required    pam_selinux.so close
session    include     system-auth
session    required    pam_loginuid.so
session    optional    pam_console.so
session    required    pam_selinux.so open
session    optional    pam_keyinit.so force revoke
session    required    pam_namespace.so
session    optional    pam_keyring.so auto_start
#session    optional    pam_gnome_keyring.so auto_start

dienal · 02-25-2010, 07:47 AM

Anyone found a solution to this issue

Thanks

Blue_Ice · 02-25-2010, 01:24 PM

Nope, I gave up on it. This was/is a bug in the software. I never tried this again. The only solution I found was very insecure. You needed to store the gnome-keyring password in some file.