Problem
This question seems to have been asked a billion times, but I'm still completely unable to unlock my login keyring automatically.
Background
I automatically login, chvt and startx along these lines into i3wm, which then fires up a modified i3lock. I really want my gnome login keyring to automatically unlock when I login (or perhaps when I unlock i3lock), but I haven't been able to successfully implement any of the instructions I've found online.
Findings
The arch wiki has a whole thing about this which I tried but failed to do. I've also looked around at various other questions/answers which have similar instructions to no avail.
One weird thing I noticed is that I am unable to unlock the login keyring via echo $LOGINPASSWORD | gnome-keyring-daemon --unlock
. journalctl
reports
Jul 07 20:08:16 ERIS gnome-keyring-daemon[26585]: failed to unlock login keyring on startup
when I open up seahorse to unlock it manually it reports that the login password has changed and asks me to input my old password. journalctl reports
Jul 07 20:08:43 ERIS gnome-keyring-daemon[26585]: fixed login keyring password to match login password
upon which i am unable to unlock the keyring again with my password (fortunately I made a backup beforehand).
Extra info
Here are some relevant /etc/pam.d/
files, hopefully nothing sensitive here LOL (removed comments for brevity, order unchanged. Note that I also tried this .xinitrc bit but it didn't do anything). The only thing I manually added were the pam_gnome_keyring.so
bits, except for the stuff in /etc/pam.d/i3lock; anything else was already there, either by default or due to some other package.
/etc/pam.d/login
auth optional pam_faildelay.so delay=3000000
auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
auth requisite pam_nologin.so
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth optional pam_group.so
session required pam_limits.so
session optional pam_lastlog.so
session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so noupdate
session optional pam_mail.so standard
session required pam_loginuid.so
@include common-account
@include common-session
@include common-password
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
auth optional pam_gnome_keyring.so
session optional pam_gnome_keyring.so auto_start
/etc/pam.d/common-auth
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
auth required pam_permit.so
/etc/pam.d/common-account
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so
/etc/pam.d/common-session
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session optional pam_umask.so
session required pam_unix.so
session optional pam_systemd.so
/etc/pam.d/passwd
@include common-password
/etc/pam.d/common-password
password [success=1 default=ignore] pam_unix.so obscure sha512
password requisite pam_deny.so
password required pam_permit.so
password optional pam_gnome_keyring.so
/etc/pam.d/i3lock
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass likeauth nullok
session optional pam_gnome_keyring.so auto_start
Best Answer
It is in principle impossible to automatically unlock keyring on autologin, if you set any password for the keyring. The reason is that without autologin, PAM passes the password you enter for logging-in to the keyring simultaneously, and the keyring gets unlocked. If you perform autologin, there is no password to pass to the keyring, and the keyring cannot be unlocked.
The only solution to automatically unlock keyring on autologin is to remove password from the keyring completely.
Install
seahorse
package from the software repository:Launch the
seahorse
:Right click "Login" and select "Change password" in the context menu.
Enter the current password.
Enter empty password as the new one.