Unlock gnome-keyring on Login with SLiM and PAM

May 5, 2010

My favorite desktop environment is XFCE, because it’s fast, doesn’t need much memory¹ and still is convenient (automounting of CDs and memory sticks, easy unmounting by clicking, a real desktop, etc). I also use SLiM as a display manager because it is slim and looks much better than xdm.

On my Laptop I also use GNOME’s NetworkManager because I haven’t yet found a better and less bloated alternative for handling wireless networks and VPNs. NetworkManager is able to store your passwords (WPA-keys etc) in the GNOME Keyring so you don’t need to enter them each time your laptop connects to a wireless network. But you still have to enter the password to unlock the keyring.. unless you let PAM handle that on login.

I’ll describe how to make PAM unlock your GNOME-Keyring, when you log in with SLiM, so applications like the NetworkManager can access the keyring. I’ll focus on how to do that with Debian “squeeze” (the current testing), but it should be directly applicable for Ubuntu (at least “Lucid”, for older versions you’ll have to build your own slim package with PAM support - or maybe use the one from debian) and quite similar in any other Linux distribution.

What should be installed?

  • slim SLiM, with PAM-support (if you compile yourself: make USE_PAM=1)
  • gnome-keyring the GNOME keyring daemon
  • libpam-gnome-keyring PAM module to unlock the GNOME keyring upon login (if you compile it yourself: should be contained in gnome-keyring sources)
  • probably some software using the GNOME keyring, like network-manager-gnome
If you haven't used slim before, you may configure it by editing /etc/slim.conf, at least for debian it contains helpful comments. Most interesting is the sessions option to set the sessions you want to use (I only use startxfce4).

Configuration

You need to edit /etc/pam.d/slim. If that file doesn’t exist (I hope it will be added to debians SLiM package soon), just paste it from the debian bugreport #476248. However, to unlock the keyring you need to add the following two lines to the end of the file:

auth    optional        pam_gnome_keyring.so
session    optional        pam_gnome_keyring.so  auto_start

That should be all. Just log out, log back in and the keyring should be unlocked, so applications can access it without entering further passwords. If it does not work and you’ve used GNOME keyring before, you may have to delete ~/.gnome2/keyrings/ to make it work correctly.