headers
Bruce Korb | 9 Apr 2012 20:06
Picon

Is there any way to kill a seahorse?

(Sorry for the troll -- it's taken me waaaaay too much
time to chase down who is responsible for asking
me over and over and over again to provide my password.)

I didn't ask for it and there is no plainly obvious way.
That is a crummy way to treat your customers.
I am looking for a clean, big, bright button saying, "DISABLE"
and it is not to be found.  Also, the name "seahorse" is
a ridiculously obscure project name for some anonymous window
that keeps popping up demanding attention from anything else
I might happen to be doing.

I am sure you have no idea
about how appallingly awful I consider an unstoppable intrusive
interface to be.  I do not want anything to pop up and disable
my desktop until I've typed in a password.  That is what login
is all about.  I always configure my ssh targets to accept my
varying public keys, so once I'm logged in I have no need to
type passwords again, except for this horrid little Gnomey thingy
that seizes my desktop until I've dismissed it.  Please be kind
enough to do two things:

1. tell me how to kill the little bugger fully dead so I never
    see it ever again, and

2. put a button on that pop-up window that offers the same thing
    to folks who are not persistent enough to chase down the cause.

There's supposed to be a list of apps to start at Gnome startup,
but search as I might through ~/.local and ~/.gnome2, I sure cannot
(Continue reading)

Permalink | Reply |
headers
Adam Tauno Williams | 9 Apr 2012 20:43
Gravatar

Re: Is there any way to kill a seahorse?

Quoting Bruce Korb <bkorb <at> gnu.org>:
> I didn't ask for it and there is no plainly obvious way.
> That is a crummy way to treat your customers.
> I am looking for a clean, big, bright button saying, "DISABLE"
> and it is not to be found.

Because disabling the key ring management makes no sense.

> I am sure you have no idea
> about how appallingly awful I consider an unstoppable intrusive
> interface to be.  I do not want anything to pop up and disable
> my desktop until I've typed in a password.  That is what login
> is all about.  I always configure my ssh targets to accept my
> varying public keys, so once I'm logged in I have no need to
> type passwords again, except for this horrid little Gnomey thingy
> that seizes my desktop until I've dismissed it.  Please be kind
> enough to do two things:

It asks you to unlock your keyring / passphrase.  The simplest  
solution is to let it do that.  You have to enter it sooner or later  
anyway.

> There's supposed to be a list of apps to start at Gnome startup,
> but search as I might through ~/.local and ~/.gnome2, I sure cannot
> find anything resembling any of startup, keyring (other than
> ~/.gnome2/keyring) or seahorse that I can configure to gone.

Unlocking your keyring should be integrated via PAM when you login via  
the display manager.  It should open the "login" keyring using your  
login password.
(Continue reading)

Permalink | Reply |
headers
Bruce Korb | 9 Apr 2012 22:36
Picon

Re: Is there any way to kill a seahorse?


Hi Adam,

Thanks for your reply:

On 04/09/12 11:43, Adam Tauno Williams wrote:
 > Quoting Bruce Korb <bkorb gnu org>:
 >> ..., except for this horrid little Gnomey thingy
 >> that seizes my desktop until I've dismissed it.  Please be kind
 >> enough to do two things:
 >
 > It asks you to unlock your keyring / passphrase.
 > The simplest solution is to let it do that.
 > You have to enter it sooner or later anyway.

I'd be happy doing that, but for the fact it keeps asking over
and over and over and over.  If I did that and it went away,
I'd have not chased this down.  Anyway, I've not had any need
of keyrings up until now, so if there is a compelling reason
for having it do its helpful task, then it needs to be helpful
in a quiet, non-intrusive way.  That, or be shot dead.

 >> I didn't ask for it and there is no plainly obvious way. ...
 >> I am looking for a clean, big, bright button saying, "DISABLE"
 >> and it is not to be found.
 >
 > Because disabling the key ring management makes no sense.

I have been okay without it for about 40 years.  But also
pestering me over and over makes no sense either.
(Continue reading)

Permalink | Reply |
headers
Adam Tauno Williams | 10 Apr 2012 11:55
Gravatar

Re: Is there any way to kill a seahorse?

On Mon, 2012-04-09 at 13:36 -0700, Bruce Korb wrote:
> Thanks for your reply:
> On 04/09/12 11:43, Adam Tauno Williams wrote:
>  > Quoting Bruce Korb <bkorb gnu org>:
>  >> ..., except for this horrid little Gnomey thingy
>  >> that seizes my desktop until I've dismissed it.  Please be kind
>  >> enough to do two things:
>  > It asks you to unlock your keyring / passphrase.
>  > The simplest solution is to let it do that.
>  > You have to enter it sooner or later anyway.
> I'd be happy doing that, but for the fact it keeps asking over
> and over and over and over.  If I did that and it went away,
> I'd have not chased this down.  

In seahorse do you see a "login" keyring under "Passwords"?  If so you
can delete it and create a new keyring named login, or choose 'change
password' and make sure it is the same password that you use to login
[perhaps you changed your password].

Yourr /etc/pam.d/common-auth probably looks like -

auth	required	pam_env.so	
auth	sufficient	pam_fprint.so	
auth	optional	pam_gnome_keyring.so
auth	required	pam_unix2.so	

The "pam_gnome_keyring" module initializes [or attempts to] the keyring
manager with your login password.  If something messes around in your
PAM configuration that can screw up initialization of the keyring.
(Continue reading)

Permalink | Reply |
headers
Bruce Korb | 11 Apr 2012 22:49
Picon

Re: Is there any way to kill a seahorse?

On 04/10/12 02:55, Adam Tauno Williams wrote:
> On Mon, 2012-04-09 at 13:36 -0700, Bruce Korb wrote:
>> Thanks for your reply:

Thank you _again_ for your reply! :)

>> On 04/09/12 11:43, Adam Tauno Williams wrote:
> In seahorse do you see a "login" keyring under "Passwords"?

"seahorse" is the name of the project that handles the
Gnome keyring, but there is no executable named "seahorse".
If you try running "gnome-keyring", you get a cryptic message.
There is no man page entry for such a beast, either.
So I have to ask, what do you mean by "In seahorse"?

> If so you
> can delete it and create a new keyring named login, or choose 'change
> password' and make sure it is the same password that you use to login
> [perhaps you changed your password].
>
> Yourr /etc/pam.d/common-auth probably looks like -
>
> auth	required	pam_env.so	
> auth	sufficient	pam_fprint.so	<<< not this, but not important
> auth	optional	pam_gnome_keyring.so
> auth	required	pam_unix2.so	
>
> The "pam_gnome_keyring" module initializes [or attempts to] the keyring
> manager with your login password.  If something messes around in your
> PAM configuration that can screw up initialization of the keyring.
(Continue reading)

Permalink | Reply |
headers
Michael Stephenson | 11 Apr 2012 22:55
Picon

Re: Is there any way to kill a seahorse?

Seahorse requires your password to decrpyt the stored passwords. Without the password decypting the stored passwords is impossible.
However if you have a blank password for gnome keyring the stored passwords will not be encrypted. Since you log in with no password and don't seem to be concerned about the security of the passwords stored in your home folder you might swell open seahorse and change the password to a blank one.
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Bruce Korb <bkorb <at> gnu.org> wrote:
On 04/10/12 02:55, Adam Tauno Williams wrote:
> On Mon, 2012-04-09 at 13:36 -0700, Bruce Korb wrote:
>> Thanks for your reply:

Thank you _again_ for your reply! :)

>> On 04/09/12 11:43, Adam Tauno Williams wrote:
> In seahorse do you see a "login" keyring under "Passwords"?

"seahorse" is the name of the project that handles the
Gnome keyring, but there is no executable named "seahorse".
If you try running "gnome-keyring", you get a cryptic message.
There is no man page entry for such a beast, either.
So I have to ask, what do you mean by "In seahorse"?

> If so you
> can delete it and create a new keyring named login, or choose 'change
> password' and make sure it is the same password that you use to login
> [perhaps you changed your password].
>
> Yourr /etc/pam.d/common-auth probably looks like -
>
> auth required pam_env.so
> auth sufficient pam_fprint.so <<< not this, but not important
> auth optional pam_gnome_keyring.so
> auth required pam_unix2.so
>
> The "pam_gnome_keyring" module initializes [or attempts to] the keyring
> manager with your login password. If something messes around in your
> PAM configuration that can screw up initialization of the keyring.

All of your references to "login password" lead me to ask another question:

Is everything all messed up if you have a password-less login?

My computer is in a locked room that only I have access to.
My wife can get in, but only I ever use the system.
Would this be the source of confusion?

seahorse-lis t mailing list
seahorse-list <at> gnome.org
http://mail.gnome.org/mailman/listinfo/seahorse-list
_______________________________________________
seahorse-list mailing list
seahorse-list <at> gnome.org
http://mail.gnome.org/mailman/listinfo/seahorse-list
Permalink | Reply |
headers
Bruce Korb | 12 Apr 2012 01:36
Picon

Re: Is there any way to kill a seahorse?

On 04/11/12 13:55, Michael Stephenson wrote:
> Seahorse requires your password to decrpyt the stored passwords.
>  Without the password decypting the stored passwords is impossible.
> However if you have a blank password for gnome keyring the stored
>  passwords will not be encrypted. Since you log in with no password
>  and don't seem to be concerned about the security of the passwords
>  stored in your home folder you might swell open seahorse and
>  change the password to a blank one.

One slight drawback:  If, say, some app that I use were to become
a virus vector, where I keep my database of sites and passwords
is pretty much unguessable.  An unencrypted, standardized tool's
database is not so obscure.  So, I don't want seahorse keeping my
passwords, thank you very much.  I'll "vi" my private database.

I now go back to my initial question, how do I get this beast
off of my system forever?
Permalink | Reply |
headers
Michael Stephenson | 12 Apr 2012 04:11
Picon

Re: Is there any way to kill a seahorse?

So suddenly you care about securitry again?
I don't know whether over the course of these exchanges you actually developed an understanding of what seahorse/gnome-keyring does.

But it means when you sign in it carries over the password you typed as an encryption key to decrypt the password you saved, if it differs from your log in password it will prompt you for that password.
The crucial thing here is to make it secure it does not store the decryption key on your system so you cant be compromised without someone knowing your password or a supercomputer.
In your confused head you want rid of this system because it is inconvenient, having to enter a password all the time.
But at the same time you worry about a virus compromising your system and getting your password... You can't have both!
There are two ways to be secure, either you have one password which acts as a key to encrypt and unlock your other passwords, or you log in every time you open your e mail client or log in to a website.
If you have experience from another operating system which you believed offered the fictional security you believe you had before, then you are quite deluded.
Frankly either store all you password in you head and enter them every time, and never click "remember my password" on a website, or use gnome-keyring abd put up with the mild inconvenience. because if you do neither a "rogue virus" can access your passwords, whether the convenient UI of whatever you have used previously tells you so or not.

On 12 April 2012 00:36, Bruce Korb <bkorb <at> gnu.org> wrote:
On 04/11/12 13:55, Michael Stephenson wrote:
Seahorse requires your password to decrpyt the stored passwords.
 Without the password decypting the stored passwords is impossible.
However if you have a blank password for gnome keyring the stored
 passwords will not be encrypted. Since you log in with no password
 and don't seem to be concerned about the security of the passwords
 stored in your home folder you might swell open seahorse and
 change the password to a blank one.

One slight drawback:  If, say, some app that I use were to become
a virus vector, where I keep my database of sites and passwords
is pretty much unguessable.  An unencrypted, standardized tool's
database is not so obscure.  So, I don't want seahorse keeping my
passwords, thank you very much.  I'll "vi" my private database.

I now go back to my initial question, how do I get this beast
off of my system forever?

_______________________________________________
seahorse-list mailing list
seahorse-list <at> gnome.org
http://mail.gnome.org/mailman/listinfo/seahorse-list
Permalink | Reply |
headers
Dimitrios Siganos | 12 Apr 2012 05:16

Re: Is there any way to kill a seahorse?

I think you are both arguing just for the sake of arguing. Bruce makes a valid point but just doesn't seem to know how to put it across without offending people. Michael also makes valid points but I think he doesn't quite understand Bruce's argument.

Bruce is right in that, if you are going to store passwords unencrypted, the last thing you want to do, is collect them all in one standard well-known place. However, that is an unfair remark against seahorse because seahorse is clearly not intended to be used in such a way. Clearly, seahorse is meant to be used with a password.

I think the only valid question is: can seahorse be (easily) disabled without destroying the rest of the Gnome experience?

Dimitris

On 11/04/12 22:11, Michael Stephenson wrote:
So suddenly you care about securitry again?
I don't know whether over the course of these exchanges you actually developed an understanding of what seahorse/gnome-keyring does.
But it means when you sign in it carries over the password you typed as an encryption key to decrypt the password you saved, if it differs from your log in password it will prompt you for that password.
The crucial thing here is to make it secure it does not store the decryption key on your system so you cant be compromised without someone knowing your password or a supercomputer.
In your confused head you want rid of this system because it is inconvenient, having to enter a password all the time.
But at the same time you worry about a virus compromising your system and getting your password... You can't have both!
There are two ways to be secure, either you have one password which acts as a key to encrypt and unlock your other passwords, or you log in every time you open your e mail client or log in to a website.
If you have experience from another operating system which you believed offered the fictional security you believe you had before, then you are quite deluded.
Frankly either store all you password in you head and enter them every time, and never click "remember my password" on a website, or use gnome-keyring abd put up with the mild inconvenience. because if you do neither a "rogue virus" can access your passwords, whether the convenient UI of whatever you have used previously tells you so or not.

On 12 April 2012 00:36, Bruce Korb <bkorb <at> gnu.org> wrote:
On 04/11/12 13:55, Michael Stephenson wrote:
Seahorse requires your password to decrpyt the stored passwords.
 Without the password decypting the stored passwords is impossible.
However if you have a blank password for gnome keyring the stored
 passwords will not be encrypted. Since you log in with no password
 and don't seem to be concerned about the security of the passwords
 stored in your home folder you might swell open seahorse and
 change the password to a blank one.

One slight drawback:  If, say, some app that I use were to become
a virus vector, where I keep my database of sites and passwords
is pretty much unguessable.  An unencrypted, standardized tool's
database is not so obscure.  So, I don't want seahorse keeping my
passwords, thank you very much.  I'll "vi" my private database.

I now go back to my initial question, how do I get this beast
off of my system forever?



_______________________________________________ seahorse-list mailing list seahorse-list <at> gnome.org http://mail.gnome.org/mailman/listinfo/seahorse-list 

_______________________________________________
seahorse-list mailing list
seahorse-list <at> gnome.org
http://mail.gnome.org/mailman/listinfo/seahorse-list
Permalink | Reply |
headers
Michael Stephenson | 12 Apr 2012 12:04
Picon

Re: Is there any way to kill a seahorse?

Hi

Bruce is right in that, if you are going to store passwords unencrypted, the last thing you want to do, is collect them all in one standard well-known place. However, that is an unfair remark against seahorse because seahorse is clearly not intended to be used in such a way. Clearly, seahorse is meant to be used with a password.

What I don't understand is that Bruce wants passwordless log ins for convenience, but is happy to type his password for every website he logs in to and never click "remember my password" on websites.
He is happy to type passwords for 14 different accounts whenever he uses his computer, but he'll be damned if he has to type one on log in?
Frankly it seems he wants the moon on a stick!

Michael.
_______________________________________________
seahorse-list mailing list
seahorse-list <at> gnome.org
http://mail.gnome.org/mailman/listinfo/seahorse-list
Permalink | Reply |
headers
Bruce Korb | 12 Apr 2012 19:35
Picon

Re: Is there any way to kill a seahorse?

On 04/11/12 20:16, Dimitrios Siganos wrote:
> I think you are both arguing just for the sake of arguing.

I just wanted to know how to disable the keyring.
I refuse to believe that I must have and use something
I know I don't want.

> Bruce makes a valid point but just doesn't seem to know
> how to put it across without offending people.

Maybe he got tired of fighting the issue and his ultimate
irritation showed through too readily.  Sorry about that.
I just wanted it disabled.  It shouldn't have been so hard.

Thank you.  Regards, Bruce
Permalink | Reply |
headers
Bruce Korb | 12 Apr 2012 18:32
Picon

Re: Is there any way to kill a seahorse?

On 04/11/12 19:11, Michael Stephenson wrote:
> So suddenly you care about security again?

There are two flavors of security:  Physical and electronic.
I am completely unconcerned about someone physically sitting
down and seeing post-it notes with passwords.  I am not
concerned with folks ssh-ing into my machine since the only
account open to ssh has a "shell" that does nothing except
open a tunnel into _their_ machine, but even it is disabled
now.  Everything else is stopped at the router.

So my security model is now and has always been to physically
secure my machine, block all external probes, use software
that is as reliable as I know how to get it, and use a text
database of passwords for the web sites I need to gain access
to.  I do not password protect it because I am certain no
robotic intruder is going to guess my /path/to/my/password/db.txt
file and also be able to map allusory names to real web sites.

In the end, I do not want to have passwords demanded of me
by some I-know-better-than-you-do password manager,
either when I login or when I visit web sites.

> I don't know whether over the course of these exchanges you
> actually developed an understanding of what
> seahorse/gnome-keyring does.

I didn't know at the start.  It is not rocket science.
And I do not need its services.  It gets in my way.

> In your confused head you want rid of this system because
> it is inconvenient, having to enter a password all the time.

In your confused head, you are certain you know better than
me and you coded your software on that presumption.
That presumption is wrong 100% of the time.
gnome-keyring intervention needs to be optional.

> There are two ways to be secure,

You are wrong.  I paste it from a text file.
I don't trust an external application to always know
when to paste a password into one of the several browsers
I use.  (Firefox, Chrome, Safari and Konqueror, all,
because of login conflicts.)  So I keep it where *I*
can get at it.

Anyway, my thanks to Stef.  gnome-keyring is gone!
I still think I ought to have been able to disable it.
Permalink | Reply |
headers
Adam Tauno Williams | 13 Apr 2012 14:50
Gravatar

Re: Is there any way to kill a seahorse?

Quoting Bruce Korb <bkorb <at> gnu.org>:
> On 04/11/12 19:11, Michael Stephenson wrote:
>> So suddenly you care about security again?>
> There are two flavors of security:  Physical and electronic.
> now.  Everything else is stopped at the router.

It doesn't actually work that way.  Your machine communicates with  
other hosts all the time, and those hosts *can* use the out-bound  
connections you create.  But this isn'tthe forum to discuss basic  
network security;  just know that I've sat through numerous  
presentations and demos about how to exploit machines that do not  
permit inbound connections -  it is often easier than you think.

> robotic intruder is going to guess my /path/to/my/password/db.txt
> In the end, I do not want to have passwords demanded of me
> by some I-know-better-than-you-do password manager,
> either when I login or when I visit web sites.

So when applications and websites demand passwords of you - you  
cut-n-paste them from a text file?  How is that easier [or more  
secure] than entering a password at login and permitting the rest of  
your passwords to be stored in an encrypted database accessed via a  
consitent API?

You can do it your way - but it does *not* make any sense.

And I have no idea what "I-know-better-than-you-do password manager"  
implies other than it knows to encrypt the data and allow you to  
control access to it.

>> In your confused head you want rid of this system because
>> it is inconvenient, having to enter a password all the time.
> In your confused head, you are certain you know better than

Yes.

> me and you coded your software on that presumption.
> That presumption is wrong 100% of the time.

Nope.

> Anyway, my thanks to Stef.  gnome-keyring is gone!

See, gnome-keyring is optional! :)
Permalink | Reply |
headers
Michael Stephenson | 13 Apr 2012 19:52
Picon

Re: Is there any way to kill a seahorse?




It doesn't actually work that way.  Your machine communicates with other hosts all the time, and those hosts *can* use the out-bound connections you create.  But this isn'tthe forum to discuss basic network security;  just know that I've sat through numerous presentations and demos about how to exploit machines that do not permit inbound connections -  it is often easier than you think.

robotic intruder is going to guess my /path/to/my/password/db.txt
In the end, I do not want to have passwords demanded of me
by some I-know-better-than-you-do password manager,
either when I login or when I visit web sites.

What if the robotic intruder decided to add an ssh key to ~/.ssh and add a cronjob to wget a certain php script somewhere out there on the web to show the attacker your ip? 
I can now manually ssh in to your user and you can be damn sure I'll find your text file!

_______________________________________________
seahorse-list mailing list
seahorse-list <at> gnome.org
http://mail.gnome.org/mailman/listinfo/seahorse-list
Permalink | Reply |
headers
Stef Walter | 12 Apr 2012 12:25
Picon

Re: Is there any way to kill a seahorse?

On 2012-04-12 01:36, Bruce Korb wrote:
> One slight drawback:  If, say, some app that I use were to become
> a virus vector, where I keep my database of sites and passwords
> is pretty much unguessable.  An unencrypted, standardized tool's
> database is not so obscure.  So, I don't want seahorse keeping my
> passwords, thank you very much.  I'll "vi" my private database.
> 
> I now go back to my initial question, how do I get this beast
> off of my system forever?

Hmmm. Interesting question. Normally GNOME is taken a whole. But if I
was in your situation I might do one of:

$ sudo yum remove gnome-keyring
$ sudo apt-get remove gnome-keyring
$ (your choice of package manager remove command)

This removes the gnome-keyring-daemon which stores the passwords. You
can also remove the gnome-keyring-pam package.

Applications will probably have some errors if they can't store
passwords. But in those cases applications would need to be individually
fixed. You could file bugs or patches against applications that
misbehave when they get back an error after trying to store their passwords.

It also looks like the package managers for gnome-keyring have gotten
the dependencies wrong. Applications should depend on the
libgnome-keyring package, and not gnome-keyring itself. Although it's
not strictly my responsibility, I can help solve this filing some bugs
and/or alerting package maintainers.

But in the mean time you may need to persuade your package manager to
remove gnome-keyring without removing its dependencies.

Obviously this isn't configuration GNOME supports. So YMMV. HTH.

Cheers,

Stef
Permalink | Reply |
headers
Adam Tauno Williams | 12 Apr 2012 12:30
Gravatar

Re: Is there any way to kill a seahorse?

On Thu, 2012-04-12 at 12:25 +0200, Stef Walter wrote:
> On 2012-04-12 01:36, Bruce Korb wrote:
> > One slight drawback:  If, say, some app that I use were to become
> > a virus vector, where I keep my database of sites and passwords
> > is pretty much unguessable.  An unencrypted, standardized tool's
> > database is not so obscure.  So, I don't want seahorse keeping my
> > passwords, thank you very much.  I'll "vi" my private database.
> > I now go back to my initial question, how do I get this beast
> > off of my system forever?

What you want to remove is the GNOME keyring; Seahorse is just a
front-end for managing GNOME keyrings.

> Hmmm. Interesting question. Normally GNOME is taken a whole. But if I
> was in your situation I might do one o
> $ sudo yum remove gnome-keyring
> $ sudo apt-get remove gnome-keyring
> $ (your choice of package manager remove command)
> This removes the gnome-keyring-daemon which stores the passwords. You
> can also remove the gnome-keyring-pam package.

I'd assume dependency checks would require you to do so.

> It also looks like the package managers for gnome-keyring have gotten
> the dependencies wrong. Applications should depend on the
> libgnome-keyring package, and not gnome-keyring itself. Although it's
> not strictly my responsibility, I can help solve this filing some bugs
> and/or alerting package maintainers.
> But in the mean time you may need to persuade your package manager to
> remove gnome-keyring without removing its dependencies.
> Obviously this isn't configuration GNOME supports. So YMMV. HTH.

+1

_______________________________________________
seahorse-list mailing list
seahorse-list <at> gnome.org
http://mail.gnome.org/mailman/listinfo/seahorse-list
Permalink | Reply |
headers
Stef Walter | 12 Apr 2012 13:35
Picon

Re: Is there any way to kill a seahorse?

On 2012-04-12 12:25, Stef Walter wrote:
> It also looks like the package managers for gnome-keyring have gotten
> the dependencies wrong. Applications should depend on the
> libgnome-keyring package, and not gnome-keyring itself. Although it's
> not strictly my responsibility, I can help solve this filing some bugs
> and/or alerting package maintainers.

Done ... although it looks like the mailing list ate my subject line :S

http://mail.gnome.org/archives/gnome-keyring-list/2012-April/msg00002.html

Bugs filed for Fedora (which is running on my machine):

https://bugzilla.redhat.com/show_bug.cgi?id=811921

https://bugzilla.redhat.com/show_bug.cgi?id=811925

https://bugzilla.redhat.com/show_bug.cgi?id=811928

https://bugzilla.redhat.com/show_bug.cgi?id=811930

https://bugzilla.redhat.com/show_bug.cgi?id=811931

https://bugzilla.redhat.com/show_bug.cgi?id=811945

Cheers,

Stef
Permalink | Reply |
headers
Bruce Korb | 9 Apr 2012 22:33
Picon

Re: Is there any way to kill a seahorse?

Hi Adam,

Thanks for your reply:

> Quoting Bruce Korb <bkorb gnu org>:
>> ..., except for this horrid little Gnomey thingy
>> that seizes my desktop until I've dismissed it.  Please be kind
>> enough to do two things:
>
> It asks you to unlock your keyring / passphrase.
> The simplest solution is to let it do that.
> You have to enter it sooner or later anyway.

I'd be happy doing that, but for the fact it keeps asking over
and over and over and over.  If I did that and it went away,
I'd have not chased this down.  Anyway, I've not had any need
of keyrings up until now, so if there is a compelling reason
for having it do its helpful task, then it needs to be helpful
in a quiet, non-intrusive way.  That, or be shot dead.

 >> I didn't ask for it and there is no plainly obvious way. ...
 >> I am looking for a clean, big, bright button saying, "DISABLE"
 >> and it is not to be found.
 >
 > Because disabling the key ring management makes no sense.

I have been okay without it for about 40 years.  But also
pestering me over and over makes no sense either.

>> There's supposed to be a list of apps to start at Gnome startup,
>> but search as I might through ~/.local and ~/.gnome2, I sure cannot
>> find anything resembling any of startup, keyring (other than
>> ~/.gnome2/keyring) or seahorse that I can configure to gone.
>
> Unlocking your keyring should be integrated via PAM when you
> login via the display manager. It should open the "login"
> keyring using your login password.

Well, then, that's the problem.  For whatever reason, it isn't
hooked up properly and I need it to either go away or work
correctly.  I don't care which, but one or the other.

So how do I run down the misconfiguration?  Once I have it
figured out, I'll send you grist for your FAQ.  :)
Google has a *lot* of hits on this issue, but none that
resolve it for me.

>> Please do not tell me that all will be better with Gnome3.
>
> Using GNOME3 right now, it rocks. And used the keyring,
> and Seahorse, under GNOME2; it worked great there too.

Not for me.  :(

>> P.S. I also asked for an install without games.  Guess what?
>> As part of the Gnome ecosystem, you-all need to understand
>> that "no games" is yet another example of ignoring your customers'
>> desires.  Not good.
>
> That is really an issue for your distribution.

Unless the Gnome games were not properly marked as being part of
the game group.  I'm sure SuSE doesn't go into Gnome and segregate
stuff you've supplied them.  If it is properly marked, then it is
a SuSE issue.  I know it is somewhere between Gnome and SuSE,
you-all would know which.

Thank you.  Regards, Bruce
Permalink | Reply |
headers
Chris Green | 3 May 2012 17:44

Re: Is there any way to kill a seahorse?

On Mon, Apr 09, 2012 at 01:33:25PM -0700, Bruce Korb wrote:
> >Unlocking your keyring should be integrated via PAM when you
> >login via the display manager. It should open the "login"
> >keyring using your login password.
> 
> Well, then, that's the problem.  For whatever reason, it isn't
> hooked up properly and I need it to either go away or work
> correctly.  I don't care which, but one or the other.
> 
I run xubuntu and I have always had the OP's problem, seahorse simply
does not integrate correctly with the xubuntu startup sequence so that
my login password isn't used to unlock the keyring.

I soon (again like the OP) got fed up with this so I explicitly sort out
the issue in my .xprofile which gets run at X startup as follows:-

    eval $(gnome-keyring-daemon --start)
    export SSH_AUTH_SOCK
    export GNOME_KEYRING_SOCKET
    echo export SSH_AUTH_SOCK=$SSH_AUTH_SOCK >~/tmp/sock

I don't think this issue worries 99% of users, they either never use ssh
or they put up with the occasional request for a password or they
generate ssh keys with no pass-phrase.

(by the way I don't think that final line writing to ~/tmp/sock is still
necessary, I used it for something else that wanted SSH_AUTH_SOCK)

--

-- 
Chris Green
Permalink | Reply |

Gmane