Initializing VPN in networkmanager Cause Request for Default Keyring Passphrase
Greeting Slackers!
I have an annoying issue that I've tried numerous solutions to resolve and still can't seem to beat it down. Maybe someone here can help me? I just signed on to a vpn service last night. I manually set up networkmanager using one of the provider's downloadable .ovpn files. All went well. I'm scooting along happily in my vpn tunnel. Here's the problem, though... Networkmanager will not save the password for the vpn. It keep asking me for the keyring default passphrase. I have no clue what that might be. I've tried my login password, my root password, my default gpg password, etc. It's evidently not what the popup is asking for. My question is this: how can I get nm to remember the damned vpn passwords so I won't have to enter them each time? And, how do I get this damned keying default passphrase request to stop popping up... or how can I set the passphrase? Thanks! ~Eric |
I'm not a Gnome desktop user, but if you edit your VPN connection so that it is configured as 'Available to all users' (ie system connection), then it should store the authentication credential in the configuration file, rather than using the Gnome Keyring. It is similar for KDE, where KWallet is used for user-specific connections. BTW, this applies to all connection types where authentication is required.
|
Hi, ferrari!
I don't run Gnome either. I running Xfce4 in Slackware64 14.1. The Gnome gpg tools seem to be a native part of Slackware. I've always used them for the past decade or so. Even with the Gnome daemon not running, networkmanager still wants that default keyring opened so it can save the vpn password. And yes, I've already checked "available for all users." Didn't make any difference. Strange, huh? I've never had an issue like this with Slack in all the years I've been using it. It's weird. I always thought the keyring was unlocked once you logged in with your username in Slack. I've always used the gpa graphic frontend to store and manipulate my keys. I've also used Gnome Privacy Guard (gpg) to encrypt files and emails (via enigmail on Thunderbird) on my system. Well, thanks for the quick reply and the suggestions. I guess I'll just keep tinkering till I blow something up. ;) Cheers, ~Eric |
Well, the Gnome NM front-end just uses the Gnome Keyring by default (regardless of DE), but this is used for user-defined connections. System-wide connections are those that need to accessible before any desktop session is active (so no password manager yet running), and can be setup for all users to access.
Did you log out and back in before trying this? Try recreating the connection and then restart the DE. Start the VPN connection. Any difference? |
I don't think that be related to VPN, Eric, more to the link between NM and the Gnome keyring somehow.
I say that because I observed a similar behavior (admittedly on Slint-pre14.2 but I don't think that can make a difference) not using a VPN but just setting a wireless connection in XFCE to a network with a WEP key. Wanting to use nm-applet to set up the connection I was "greeted" by the keyring dialog asking to set a password. I didn't know what to do so just provided one. It seems that when it's done you have to use it even with other WM like Fluxbox: you need to enter the password every time you open a session, to be able to get a connection, maybe depending of your settings. There may be a way to set this thing in such a way to avoid avoid that, or completely disable the keyring. I will have to investigate as I am a complete newbie in that matter. Of course a practical and comprehensive how-to on that topic provided on SlackDocs would help a lot. Anyone? |
Quote:
For what it's worth, I've been using this setup for the best part of ten years, and it works well. |
Thanks for the info CTM. Maybe there is another way, that does not need a change unlikely to occur so close to the release of Slackware 14.2?
Anyway I feel guilty not to have done my homework. I will investigate after my afternoon walk. |
Quote:
|
Quote:
|
Quote:
And yes, you are correct, I believe, that it is not a VPN issue. It's the NM asking for permission to unlock the default keyring so it can encrypt the VPN password for storage purposes (the SAVE option in NM). This is what I'm trying to do so that the NM will start up prior to the DE with my VPN running already. I'm thinking of going back to Wicd. I used it primarily for many years. I can't really remember why I changed over to Network Manager. Well, I'll keep tinkering... Thanks! :) |
Quote:
Thanks, CTM. :) |
Ah... nevermind about Wicd. No VPN support.
https://answers.launchpad.net/wicd/+faq/1867 Oh, well. :( |
Quote:
(It works well for this, and there's minimal intrusion on the stock packages: you'll need to get PAM from somewhere (vbatts maintains a good SlackBuild), then you'll need to recompile shadow, gnome-keyring and your display manager of choice with PAM support and configure PAM to unlock your "login" keyring when you log in by adding the appropriate lines to the /etc/pam.d/ configuration files.) |
No. No. You misread. I said HAM. I like HAM. HAM is tasty. ;)
|
Solved (I think).
Visited ArchLinux, built and installed Seahorse (latest version: 3.20.0), ran seahorse as didier, followed the instructions to blank the password found on ArchLinux, now the Gnome keyring is out of my way.
Caveat emptor:
|
All times are GMT -5. The time now is 07:50 PM. |