10 August 2015

Linux - the infamous 'Unlock keyring' dilemma.

If you are in any way Linux-inclined, you are certain to have come across this problem multiple times already.  Namely, when you browse your network for your online computers and double-click a share that you want to access, you are first prompted for a password to access the remote computer, followed by another password-prompt to unlock the infamous keyring.  The former is usually a one-off affair, bypassed by simply clicking the option to "remember forever" the entered password.  The latter however, has been the cause of much gnashing of teeth for at least the past 7 years, the period of time since I abandoned Windows for Linux - just Google "unlock keyring" if you are in any doubt!

This has driven me nuts over the years.  As you move from Linux distro to distro, just when you would start to believe that the Linux developers had finally 'fixed' it, you would be met once again by that infernal prompt to unlock the keyring at every boot-up.  And up to about an hour ago, I had resorted to my now-usual custom of cursing all developers responsible for this travesty, as well as all of their offspring, past and present, for good measure!  I then had my 'Road to Damascus' moment when I (finally) succeeded in understanding the underlying issue and fixing it permanently!  It's embarrassingly simple as well!

One of the biggest problems is that there must be dozens of tutorials out there on how to fix this, but knowing what I now know, it is equally clear that most of these are either incomplete, or the originator has only a vague idea of what the underlying problem is - his setup works for him, he therefore tries to describe how to configure your system so that you see what he sees.  Sure, you will find a lot of "Great, it worked for me!" responses, but invariably there are many "Nope, it didn't work for me" posts as well.

So, onto the solution.  First-off, despite what I had thought for years, there is nothing wrong with the keyring-management software itself - it's just that all those bloody misleading "fix-it" tutorials leave you (me) with the impression that there is!  To get this working properly 100% of the time, all one needs to do is follow what is outlined below.  But first, a word about 'security'.

Back 5-7 years ago when this was really driving people to distraction, there were equally distracted individuals doing the rounds of all the major forums, telling us to stop whinging and just enter the bloody password - after all, we need to keep Linux secure!  I, and probably most others thought "bollocks to that!", why can't this stupid setup just use your login password, which had already just been entered.  And this stance is perfectly reasonable & valid!  Where these pontificators might have been on much firmer ground involved those that wanted to auto-login as well - in this instance, there is absolutely no security in effect.  I mention this because I will now outline how to successfully achieve both, but naturally recommend that only the secure method be used.

1) To begin, open the Keyring Management app. On my Ubuntu-based distro (Deepin 2014), it's called 'Passwords and Keys' in the System's menu.  The underlying software is called 'seahorse'.  From the menu, select 'View' and check 'By Keyring', then select 'View' again and select 'Show Personal'.  You should now see at least one key-ring listed under 'Passwords' on the key-ring's pane on the left.

2) To make this as fool-proof as possible, delete all of these personal key-rings.  It should be obvious as to what you are deleting.  If unsure, select its properties.  Normally there are 2 key-rings that need deleting, one containing your login password, the other containing your network password.  It is this 'division-of-labour' (2 or more key-rings) that causes all of the problems.  We want to use a single key-ring for all operations, to hold our login-password, and our network-password.  Do NOT delete any of the 'Certificates', PGP keys etc.  - just the key-rings that are listed under 'Passwords'.

3) Even though you may want to start Linux without entering a password (auto-login), complete the following step anyway, as it will allow you the option to switch to the more secure password-login at a later date and your Network-keys setup will continue to work unaltered.  From the 'Passwords and Keys' app, select 'File' -> 'New...' -> 'Password Keyring' and name the newly created key-ring "login".  This is the key-ring in which our Network key will now be stored.

4) Open the file manager app (Nautilus, Caja, Nemo etc.), select 'Browse Network' and navigate to the remote share you wish to access.  When you double-click it, you will be prompted for 2 passwords.  Enter the first password, making sure that you select the 'remember forever' option for this, your network password.

Now select either the 'Secure Method' or the 'Insecure Method' below.

Secure Method.
This assumes that you enter a login password each time you start Linux, and will use this entered-password to automatically unlock the network keys.

1) Enter your Keyring password & confirm it, at the prompt.  That's it, nothing further needs to be done!  The Password manager will have detected the "login" key-ring and copied the just-entered network-password key into it.  All should be well.

Insecure Method.
This assumes that you want to start Linux without entering a login-password, and also to not be prompted repeatedly for Key-ring passwords every time you start Linux.

1)  At the 'Enter Keyring-password' prompt, simply leave both the 'password' and 'confirm password' lines blank.  You will then be prompted to confirm that you do indeed want to store your passwords in an unencrypted format (hence the "no security" bit!)  Hit yes, and you're done.

With only one keyring, it will already be set to 'Default', so no need to worry about that.  You should never again be prompted for a password for that particular network.  If for any reason the keyring manager, instead of copying the network-key to the 'login' keyring, creates another keyring named 'default...' and copies the key there, something is wrong - delete the new keyring and try again!  The key must end up in the "login" keyring for this to work properly.
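An added check, not part of the original post: a read-only script that inspects the keyring directory and reports the conditions described above (more than one password keyring, a default other than "login", a keyring saved with a blank password). The directory path, the `default` file and the two file signatures are assumptions about gnome-keyring's on-disk format, and the sample directory is constructed.

```python
from pathlib import Path
import tempfile

# Assumptions about gnome-keyring's on-disk format (confirm on your system):
# keyrings are <name>.keyring files, a file named "default" holds the default
# keyring's name, password-protected keyrings begin with the binary header
# below, and blank-password keyrings are text files beginning with "[keyring]".
KEYRING_DIR = Path.home() / ".local/share/keyrings"
ENCRYPTED_HEADER = b"GnomeKeyring\n\r\0\n"

def classify(path):
    """Return 'encrypted', 'plaintext' or 'unknown' for one keyring file."""
    head = path.read_bytes()[:64]
    if head.startswith(ENCRYPTED_HEADER):
        return "encrypted"
    if head.lstrip().startswith(b"[keyring]"):
        return "plaintext"
    return "unknown"

def audit(keyring_dir=KEYRING_DIR):
    """Read-only audit: list keyrings and flag the setups the post warns about."""
    keyring_dir = Path(keyring_dir)
    rings = {p.stem: classify(p) for p in sorted(keyring_dir.glob("*.keyring"))}
    marker = keyring_dir / "default"
    default = marker.read_text().strip() if marker.is_file() else None
    findings = []
    if "login" not in rings:
        findings.append("no 'login' keyring found")
    if len(rings) > 1:
        findings.append("several password keyrings: " + ", ".join(rings))
    if default not in (None, "login"):
        findings.append(f"default keyring is '{default}', not 'login'")
    for name, kind in rings.items():
        if kind == "plaintext":
            findings.append(f"'{name}' is stored unencrypted (blank password)")
    return {"keyrings": rings, "default": default, "findings": findings}

def build_sample(root):
    """Constructed sample directory: an encrypted 'login' plus a plaintext stray."""
    root = Path(root)
    (root / "login.keyring").write_bytes(ENCRYPTED_HEADER + b"\x00" * 32)
    (root / "default_keyring.keyring").write_text("[keyring]\ndisplay-name=default\n")
    (root / "default").write_text("default_keyring\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for line in audit(build_sample(tmp))["findings"]:
            print("WARNING:", line)
```

Calling `audit()` with no argument checks the assumed default directory; if your release keeps its keyrings elsewhere, pass that directory explicitly.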

Overall, eazy-peezy, what was all the fuss about? ;)

Edit 1.
Jesus wept.  Mere days after penning the above, I'm aghast to discover that the piece of shit that is Linux key-ring management is buggy after all!!!  I was shocked to find that on logging in (the 'secure method') I am occasionally still prompted for a key-ring password.

The bug is that the "login" key-ring is sometimes not unlocked at login, when it should ALWAYS be unlocked.  It is also very easy to reproduce, though it may take a few reboots/re-logins for it to show itself - just do the following:

Reboot/login, and immediately open the 'Keys & Passwords' application.  You will find that sometimes the "login" keyring is still locked, sometimes it is unlocked!

This is with an Ubuntu Trusty-based 64-bit setup (Linux Deepin).  It is moronic crap like this that has ensured that Linux has managed to retain barely a toe-hold in the Desktop/Workstation OS environment.  Bill Gates might as well be paying Linux developers to sabotage Linux, for all the effect these cretins are having.  Remember, this bug has been around for at least 7 years, yet these arse-holes still haven't managed/bothered to fix it!!!  I don't have any Android-based devices, (which is Linux-based) - I don't like mobiles, and haven't got around to getting a tablet - but I bet that Google sees to it that bugs like this are quashed immediately.  I know one thing, Micro$oft wouldn't feel threatened enough to be giving away Windows 10 for free (which from what I've read, is actually pretty decent) if the competition was as bug-ridden as these Ubuntu-based releases.

Case in point, take Linux Mint.  I had tried a few Mint releases over the years but never saw the point - after all, it was essentially Ubuntu/Gnome2 with a candy-floss coating.  That all changed with the debacle that was/is Gnome3, so I have been acclimatising myself to Mint/Mate since 17.1.  Now Mint 17.2, I am continually shocked at the number of serious bugs this setup continues to harbour.  I have personally submitted 3 bug reports but don't expect that they will ever be looked at, never mind fixed.  On the other hand, Ubuntu 10.04, long EOL'ed but still my OS of choice, is a joy to use, almost bug-free, and I'm pretty sure doesn't suffer from the key-ring management bug discussed here.  The thing is, Mint is almost universally recommended as the Linux of choice for Linux-newbies.  As someone who currently uses it for several hours daily, my question is, WHY???  I'm using it purely because of Mate's emulation of Gnome2, but jeez, that also has so many bugs that it would merit its own article.  On the other hand, picture a typical Windows user who is thinking of switching to a free OS, has grown accustomed to using a decent OS - let's face it, Windows is not bad - and is then faced with headaches the likes of this key-ring management thing - common-sense would suggest that the majority will end up running for the hills, and back to fattening Bill's coffers.  And would you blame them, I certainly wouldn't.

Edit 2:
Try as I might, I cannot reproduce this 'failure to unlock keyring at login' on Mint 17.2, only with Linux Deepin, where it seems to occur 'naturally' about 50% of the time.  Given that they are both based on the 'Ubuntu-trusty' distro, I find this odd.  It is especially ironic in that Mint/Samba has a bug of sorts where remote-computers are not detected & listed automatically when you choose to 'Browse Network' (with Deepin, they are) - because of this, and in conjunction with another major Samba bug, where if you double-click 'Windows networks', then the 'workgroup' icons, your Browser window will instantly close (it crashes, issuing a 'segmentation fault' when Caja is launched from a terminal), but only if a remote Linux computer exists on the network!  It works fine if a Windows computer exists - it's as if Windows themselves are behind the development of Samba!!!  Note that this bug does not exist on my Ubuntu 10.04/Samba installation, only with the 'new-and-improved' Samba that is in the Trusty repository.  This means that from the Mint computer, I cannot Browse the network for available shares, but have instead to 'Connect to server...' via a specified IP address.

So, with Deepin, I can Browse & connect to network shares because Samba automatically detects & lists computers on the network, but am prompted 50% of the time to also enter the keyring password, whereas with Mint, since the remote computers are not automatically listed by Samba, I would normally need to go the 'Windows networks'->'workgroup' route to find them - only to have the Browse window crash when it detects that the remote computer is a Linux box.  So in a sense, I'm damned either way...

Edit3:
Weeeeeee, I've just noticed that this Deepin bug has finally been removed!  Thanks should probably go to the Debian crowd, rather than the Deepin developers though - Deepin is after switching from the Ubuntu, to the Debian base-system for Deepin 15.  This move incidentally is after introducing a whole other range of serious problems, not least of which is that Deepin 15 will not even install on a lot of computers - my Dell laptop being just one example.  After multiple graphics-related problems running on my Zotac pc, I finally have a stable setup there.  These 'introduced' problems have the Deepin devs thinking of starting a 'base-system' of their own, which sounds like a big move.

Stick with Debian I'd say.  The fact that this Debian setup is minus this stupid bug, one that seems to have plagued Ubuntu distributions for years, is a good omen.

1 comment:

  1. OK, Call KEYRING what is; SECURITY BREACH. Keyring = Linux Security Breach. .. Keyring = Linux Security Breach