First, I'm using Slackware64 and not Slackware ARM. Maybe some of my observations are not applicable to Slackware ARM.
I'm no specialist of Gnome keyring but I use KDE Wallet on KDE 5 and looked into how KDE Wallet can be automatically opened using PAM configuration when the user logs in.
My understanding is that Gnome keyring is a vault/wallet managing user credentials just like KDE wallet (it may do more but you can get the idea). The default wallet of Gnome Keyring is called 'login':
https://wiki.gnome.org/Projects/Gnom...g/KeyringIntro
Quote:
A keyring stores a collection of encrypted passwords and encrypted information about those passwords. A user can have multiple keyrings, each for a different use, but there is a default one, called 'login'. There is also a special 'session' keyring which is not stored on disk and goes away when you log out.
|
That's where one can get confused as to whether Gnome keyring is used to authorize login of the user. It's not. In PAM configuration file, you have the control value (second argument) "optional" when calling the Gnome keyring PAM module (pam_gnome_keyring.so). It means that it's not a mandatory step and failure of the module will not prevent the user to log in.
My testing seems to show that Gnome keyring is started only by PAM in Slackware current. I tried only_if=xdm in my PAM configuration (see my previous post) and when I log in in my system using sddm as my graphical login program, Gnome Keyring is not started. If you use xdm to login, you can use option only_if=gdm to test whether or not Gnome Keyring starts after you log in.
Regarding the current PAM configuration in /etc/pam.d/system-auth:
Code:
$ cat system-auth | grep pam_gnome_keyring
auth optional pam_gnome_keyring.so
session optional pam_gnome_keyring.so auto_start
Case 1: Gnome Keyring package(s) are installed
This PAM configuration will work if you use Gnome Keyring (I haven't tested it as I don't use it)
If you don't use Gnome Keyring, you can comment out those lines.
Using the only_if option could be useful if you want to start Gnome Keyring only for certain processes (login or xdm come to mind) and not do it for the others (su, sshd come to mind).
Case 2: Gnome Keyring package(s) are not installed
This PAM configuration will log error messages in /var/log/secure. In this case, prepend the - character at the
beginning of the lines to avoid pesky error messages.
Or you can comment out those lines as you don't even have Gnome Keyring.