linux - How to lock a unlocked GNOME Keyring?

06
2014-04
  • cbun

    A password prompt is offered to unlock the GNOME Keyring when I login to my user account. I was wondering how to lock the keyring back in the same session it was unlocked? (I understand that I can logout and then login again for the same effect)

    It may be helpful if, for some reason(s), I feel of some suspicious activity and want to first block all programs for further accessing keyring before I investigate the suspicious activity.

    Also, is there anyway to just lock the GUI of GNOME Keyring (Seahorse)?

    • Answers
  • Boogy

    One thing you could do if some suspicious activity takes place, is to kill the gnome-keyring-daemon like so :

    kill -9 $(pgrep gnome-keyring-d)

    You could simply do a simple script to make it automatically:

    #!/bin/bash
case $1 in
    hibernate)
        pkill gnome-keyring-d
        ;;
    suspend)
        pkill gnome-keyring-d
        ;;
    thaw)
        ;;
    resume)
        /usr/bin/gnome-keyring-daemon --daemonize --login
        ;;
    *)  echo "Somebody is calling me totally wrong."
        ;;
esac

    source


    • Related Question

    ubuntu - Why do I need to enter a password for the Default Keyring to unlock?
  • lipton

    When I log into Ubuntu, I am prompted every time to:

    Enter Password for Default Keyring to Unlock

    I want to avoid this step since I am the only person using this machine and I see no reason to have any password protection.

    Is there an easy way to turn this off so I can turn the computer on and get to the desktop without having to enter any passwords, just as I do on my Windows machine?


    • Related Answers
  • nagul

    This can happen if your machine is configured to auto-login. You can work your way around this by setting a blank password for the keyring manager. Follow this guide to do this. This allows anyone using the computer to access your passwords.

    There are a few other cases where you get asked for the keyring password, which I'm not very clear about. However, this prompt is not raised for most configurations.

  • Jim

    Here's an easier, more secure way:

    1) Right click your wireless (Network Manager) icon in the tray and click Edit Connections.

    2) Click the Wireless tab, highlight your wireless connection, then click Edit.

    3) At the bottom there is a checkbox called "Available to all users". Click it then click Apply to save your change.

    It will ask for your password because it is a system-wide change, but that's it! You, or anyone else you make an account for can now log on and get the wireless connection without anyone having access to your (unencrypted) passwords.

    Jim

    CISSP, Security Professional, general Linux enthusiast

  • slm

    This is slightly different in Ubuntu 11.10. I opened up seahorse and deleted the "Passwords: default" folder under the Passwords tab. Once I did this I saw no way to create a new "Passwords: default" folder.

    So I went back to an application that wanted to store it's password in my keyring, I used Empathy for this. While re-logging into one of my accounts I was prompted with a dialog box that asked to enter my password for my chat account. I typed it in and hit "Remember password" checkbox.

    I was then prompted by a second dialog, "New Keyring Password". Here's where it was saying that "An Application wants to create a new keyring called 'Default'. Choose the password you want to use for it." I left this password box blank, and just clicked OK.

    password dialog

    Finally I was presented with a 3rd dialog box asking me if I wanted to "Store passwords unencrypted?" Here I selected "Use Unsafe Storage".

    unsafe storage dialog

  • Adam Butler

    These didn't work for me but found this (comment 11) that does.

    https://bugs.launchpad.net/ubuntu/+source/vino/+bug/562423/comments/11

  • opensas

    here is the way I avoid this trouble maker under CentOS 5.

    1> run "gnome-keyring-manager" to delete all of keyrings, that only "session" left there. because it is not able to be deleted.

    2> copy /etc/sysconfig/network-scripts/ifcdg-wmaster0 into /etc/sysconfig/network-scripts/ifcfg-wlan0

    3> change line "TYPE=Ethernet" into "TYPE=Wireless" in file ifcfg-wlan0

    4> by clicking: System | Administration | Network, "Network Cofiguration" GUI comes out.

    5.1> by selecting: wlan0 as Device, click "Edit", click "Wireless Setings",
    Mode: Managed, Network name(SSID): Specified: YOUR SSID, key: you WEP key.

    5.2> by selecting: wlan0 as Device, click "Edit", click "General",
    set the related items as normal NIC as you want.

    6> after saving. the WIFI NIC can be allocated IP as normal NIC without login.

    7> limitation: it seems only support WEP.

    good lock