LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 05-20-2016, 03:28 PM   #1
vtel57
Senior Member
 
Registered: Jul 2006
Location: USA
Distribution: Slackware64 - 14.2 w/ Xfce
Posts: 1,519

Rep: Reputation: 423Reputation: 423Reputation: 423Reputation: 423Reputation: 423
Angry Initializing VPN in networkmanager Cause Request for Default Keyring Passphrase


Greeting Slackers!

I have an annoying issue that I've tried numerous solutions to resolve and still can't seem to beat it down. Maybe someone here can help me?

I just signed on to a vpn service last night. I manually set up networkmanager using one of the provider's downloadable .ovpn files. All went well. I'm scooting along happily in my vpn tunnel.

Here's the problem, though...

Networkmanager will not save the password for the vpn. It keep asking me for the keyring default passphrase. I have no clue what that might be. I've tried my login password, my root password, my default gpg password, etc. It's evidently not what the popup is asking for.

My question is this: how can I get nm to remember the damned vpn passwords so I won't have to enter them each time? And, how do I get this damned keying default passphrase request to stop popping up... or how can I set the passphrase?

Thanks!

~Eric
 
Old 05-20-2016, 07:04 PM   #2
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,482

Rep: Reputation: 1080Reputation: 1080Reputation: 1080Reputation: 1080Reputation: 1080Reputation: 1080Reputation: 1080Reputation: 1080
I'm not a Gnome desktop user, but if you edit your VPN connection so that it is configured as 'Available to all users' (ie system connection), then it should store the authentication credential in the configuration file, rather than using the Gnome Keyring. It is similar for KDE, where KWallet is used for user-specific connections. BTW, this applies to all connection types where authentication is required.
 
Old 05-20-2016, 09:29 PM   #3
vtel57
Senior Member
 
Registered: Jul 2006
Location: USA
Distribution: Slackware64 - 14.2 w/ Xfce
Posts: 1,519

Original Poster
Rep: Reputation: 423Reputation: 423Reputation: 423Reputation: 423Reputation: 423
Hi, ferrari!

I don't run Gnome either. I running Xfce4 in Slackware64 14.1. The Gnome gpg tools seem to be a native part of Slackware. I've always used them for the past decade or so. Even with the Gnome daemon not running, networkmanager still wants that default keyring opened so it can save the vpn password. And yes, I've already checked "available for all users." Didn't make any difference. Strange, huh?

I've never had an issue like this with Slack in all the years I've been using it. It's weird. I always thought the keyring was unlocked once you logged in with your username in Slack. I've always used the gpa graphic frontend to store and manipulate my keys. I've also used Gnome Privacy Guard (gpg) to encrypt files and emails (via enigmail on Thunderbird) on my system.

Well, thanks for the quick reply and the suggestions. I guess I'll just keep tinkering till I blow something up.

Cheers,

~Eric
 
Old 05-21-2016, 12:35 AM   #4
ferrari
LQ Guru
 
Registered: Sep 2003
Location: Auckland, NZ
Distribution: openSUSE Leap
Posts: 5,482

Rep: Reputation: 1080Reputation: 1080Reputation: 1080Reputation: 1080Reputation: 1080Reputation: 1080Reputation: 1080Reputation: 1080
Well, the Gnome NM front-end just uses the Gnome Keyring by default (regardless of DE), but this is used for user-defined connections. System-wide connections are those that need to accessible before any desktop session is active (so no password manager yet running), and can be setup for all users to access.

Did you log out and back in before trying this? Try recreating the connection and then restart the DE. Start the VPN connection. Any difference?
 
1 members found this post helpful.
Old 05-21-2016, 12:40 AM   #5
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2.1 on Lenovo Thinkpad W520
Posts: 10,419

Rep: Reputation: Disabled
I don't think that be related to VPN, Eric, more to the link between NM and the Gnome keyring somehow.

I say that because I observed a similar behavior (admittedly on Slint-pre14.2 but I don't think that can make a difference) not using a VPN but just setting a wireless connection in XFCE to a network with a WEP key.

Wanting to use nm-applet to set up the connection I was "greeted" by the keyring dialog asking to set a password. I didn't know what to do so just provided one.

It seems that when it's done you have to use it even with other WM like Fluxbox: you need to enter the password every time you open a session, to be able to get a connection, maybe depending of your settings.

There may be a way to set this thing in such a way to avoid avoid that, or completely disable the keyring. I will have to investigate as I am a complete newbie in that matter.

Of course a practical and comprehensive how-to on that topic provided on SlackDocs would help a lot.

Anyone?

Last edited by Didier Spaier; 05-21-2016 at 12:41 AM.
 
1 members found this post helpful.
Old 05-21-2016, 07:08 AM   #6
CTM
Member
 
Registered: Apr 2004
Distribution: Slackware
Posts: 308

Rep: Reputation: 287Reputation: 287Reputation: 287
Quote:
Originally Posted by Didier Spaier View Post
It seems that when it's done you have to use it even with other WM like Fluxbox: you need to enter the password every time you open a session, to be able to get a connection, maybe depending of your settings.

There may be a way to set this thing in such a way to avoid avoid that,
There is, but mentioning it in this forum is likely to trigger a civil war so gruesome it'll make 1642-1651 look like a pleasant day out in the park.

For what it's worth, I've been using this setup for the best part of ten years, and it works well.
 
2 members found this post helpful.
Old 05-21-2016, 07:21 AM   #7
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2.1 on Lenovo Thinkpad W520
Posts: 10,419

Rep: Reputation: Disabled
Thanks for the info CTM. Maybe there is another way, that does not need a change unlikely to occur so close to the release of Slackware 14.2?

Anyway I feel guilty not to have done my homework. I will investigate after my afternoon walk.
 
1 members found this post helpful.
Old 05-21-2016, 09:34 AM   #8
CTM
Member
 
Registered: Apr 2004
Distribution: Slackware
Posts: 308

Rep: Reputation: 287Reputation: 287Reputation: 287
Quote:
Originally Posted by Didier Spaier View Post
Maybe there is another way, that does not need a change unlikely to occur so close to the release of Slackware 14.2?
A Gnome keyring requires a passphrase to unlock, and the unmentionable solution I linked to can be used to automatically pass a user's login password through to the gnome-keyring daemon so it can unlock the "login" keyring when the user logs in via a display manager. Of course, this requires that the login password and "login" keyring passphrase are the same. The only other way I can see this working is if a patch is written for XDM and/or KDM that starts gnome-keyring and sends the daemon a command to unlock the "login" keyring whenever a user logs in, at which point you've essentially reimplemented The Unspeakable, but in a less configurable and reusable way.
 
1 members found this post helpful.
Old 05-21-2016, 05:51 PM   #9
vtel57
Senior Member
 
Registered: Jul 2006
Location: USA
Distribution: Slackware64 - 14.2 w/ Xfce
Posts: 1,519

Original Poster
Rep: Reputation: 423Reputation: 423Reputation: 423Reputation: 423Reputation: 423
Quote:
Originally Posted by ferrari View Post

Did you log out and back in before trying this? Try recreating the connection and then restart the DE. Start the VPN connection. Any difference?
Tried all of that, but no joy.
 
Old 05-21-2016, 05:56 PM   #10
vtel57
Senior Member
 
Registered: Jul 2006
Location: USA
Distribution: Slackware64 - 14.2 w/ Xfce
Posts: 1,519

Original Poster
Rep: Reputation: 423Reputation: 423Reputation: 423Reputation: 423Reputation: 423
Quote:
Originally Posted by Didier Spaier View Post
Of course a practical and comprehensive how-to on that topic provided on SlackDocs would help a lot.

Anyone?
HA-HA! Yes, most definitely.

And yes, you are correct, I believe, that it is not a VPN issue. It's the NM asking for permission to unlock the default keyring so it can encrypt the VPN password for storage purposes (the SAVE option in NM). This is what I'm trying to do so that the NM will start up prior to the DE with my VPN running already.

I'm thinking of going back to Wicd. I used it primarily for many years. I can't really remember why I changed over to Network Manager.

Well, I'll keep tinkering...

Thanks!
 
Old 05-21-2016, 05:58 PM   #11
vtel57
Senior Member
 
Registered: Jul 2006
Location: USA
Distribution: Slackware64 - 14.2 w/ Xfce
Posts: 1,519

Original Poster
Rep: Reputation: 423Reputation: 423Reputation: 423Reputation: 423Reputation: 423
Quote:
Originally Posted by CTM View Post
There is, but mentioning it in this forum is likely to trigger a civil war so gruesome it'll make 1642-1651 look like a pleasant day out in the park.

For what it's worth, I've been using this setup for the best part of ten years, and it works well.
PAM is a fine suggestion. No need for blood and guts because of a mention of that, as far as I'm concerned. I do NOT currently have PAM active/setup on my system, so it's something to consider.

Thanks, CTM.
 
Old 05-21-2016, 06:35 PM   #12
vtel57
Senior Member
 
Registered: Jul 2006
Location: USA
Distribution: Slackware64 - 14.2 w/ Xfce
Posts: 1,519

Original Poster
Rep: Reputation: 423Reputation: 423Reputation: 423Reputation: 423Reputation: 423
Ah... nevermind about Wicd. No VPN support.

https://answers.launchpad.net/wicd/+faq/1867

Oh, well.
 
Old 05-21-2016, 07:38 PM   #13
CTM
Member
 
Registered: Apr 2004
Distribution: Slackware
Posts: 308

Rep: Reputation: 287Reputation: 287Reputation: 287
Quote:
Originally Posted by vtel57 View Post
PAM is a fine suggestion. No need for blood and guts because of a mention of that, as far as I'm concerned.
No, no! You didn't say it! He didn't say it! He didn't say it!

(It works well for this, and there's minimal intrusion on the stock packages: you'll need to get PAM from somewhere (vbatts maintains a good SlackBuild), then you'll need to recompile shadow, gnome-keyring and your display manager of choice with PAM support and configure PAM to unlock your "login" keyring when you log in by adding the appropriate lines to the /etc/pam.d/ configuration files.)
 
Old 05-21-2016, 09:33 PM   #14
vtel57
Senior Member
 
Registered: Jul 2006
Location: USA
Distribution: Slackware64 - 14.2 w/ Xfce
Posts: 1,519

Original Poster
Rep: Reputation: 423Reputation: 423Reputation: 423Reputation: 423Reputation: 423
No. No. You misread. I said HAM. I like HAM. HAM is tasty.
 
Old 05-22-2016, 05:31 AM   #15
Didier Spaier
LQ Addict
 
Registered: Nov 2008
Location: Paris, France
Distribution: Slint64-14.2.1 on Lenovo Thinkpad W520
Posts: 10,419

Rep: Reputation: Disabled
Solved (I think).

Visited ArchLinux, built and installed Seahorse (latest version: 3.20.0), ran seahorse as didier, followed the instructions to blank the password found on ArchLinux, now the Gnome keyring is out of my way.

Caveat emptor:
  • I didn't test on genuine Slackware. However I would be very surprised if it wouldn't work there (no dependency beyond a full Slackware-current).
  • I do not advise anyone to blank the master password as I did. Everyone is responsible of the security of one's system.
I will request that seahorse be shipped in Slackware and if it is not, will include a package for it in Slint.
 
1 members found this post helpful.
  


Reply

Tags
keyring, networkmanager, openvpn, passphrases, vpn


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
NetworkManager does not add default route for vpn bsd1101 Slackware 1 01-13-2016 02:31 PM
Default keyring Peter Stanworth Linux - Newbie 2 03-21-2014 03:49 PM
Unlock keyring at login for NetworkManager and wireless in KDE michael.guerrero Linux - Software 0 05-08-2009 02:50 PM
Keeping Keyring unlocked in Fedora 8 for NetworkManager cdhgee Linux - Software 0 02-17-2008 10:19 PM
Keyring password request SChipS SUSE / openSUSE 0 02-09-2008 11:00 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 11:15 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration