lost and found ( for me ? )

Ubuntu 11.10 : disable keyring ( as-is based info )


In some environments , keyring authentication would irritate you.

Here's an explanation of how to disable keyring.

Please note that keyring is useful tools to prevent users from running Applications arbitrary.
I can not fine documents which describe disabling keyring. … so this info is as-is based.

# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 11.10"

# uname -ri
3.0.0-16-server x86_64


[ how to disable keyring ]

on both methods ( metho1 , 2 ) , I could have turned off keyring popup.
However , some applications doesn’t work , at leaset ubutnu one.

method1 ( not smart ? )

change a permission of keyring-daemon not to run.

keyring seemed to start via gnome, pam etc like this:
# ps aux | grep keyring-daemon | grep -v grep
/usr/bin/gnome-keyring-daemon --start --components=ssh

# pwd
/etc/pam.d

# egrep keyring *
common-password:password        optional        pam_gnome_keyring.so
gnome-screensaver:auth optional pam_gnome_keyring.so
lightdm:auth    optional        pam_gnome_keyring.so
lightdm:session optional        pam_gnome_keyring.so auto_start

/etc/pkcs11/modules/gnome-keyring-module
/etc/xdg/autostart/gnome-keyring-gpg.desktop
/etc/xdg/autostart/gnome-keyring-pkcs11.desktop
/etc/xdg/autostart/gnome-keyring-secrets.desktop
/etc/xdg/autostart/gnome-keyring-ssh.desktop

# egrep keyring-daemon *
gnome-keyring-gpg.desktop:Exec= gnome-keyring-daemon --start --components=gpg
gnome-keyring-pkcs11.desktop:Exec=/usr/bin/gnome-keyring-daemon --start --components=pkcs11
gnome-keyring-secrets.desktop:Exec=/usr/bin/gnome-keyring-daemon --start --components=secrets
gnome-keyring-ssh.desktop:Exec=/usr/bin/gnome-keyring-daemon --start --components=ssh

# ls /usr/share/dbus-1/services/org.freedesktop.secrets.service
/usr/share/dbus-1/services/org.freedesktop.secrets.service

# egrep keyring-daemon /usr/share/dbus-1/services/org.freedesktop.secrets.service
Exec=/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets


I’m not sure whether or not this method is the proper solution , but it seems to work.
change a permission of keyring-daemon not to run.
# ls -l /usr/bin/gnome-keyring-daemon
-rwxr-xr-x 1  /usr/bin/gnome-keyring-daemon

# chmod 000 /usr/bin/gnome-keyring-daemon

# ls -l /usr/bin/gnome-keyring-daemon
---------- 1 root root 1002288 2011-12-05 15:28 /usr/bin/gnome-keyring-daemon

# reboot


There are error messages in auth.log..
# egrep keyring /var/log/auth.log
ubuntu-1 gnome-keyring-daemon[26639]: コマンドライン 'dbus-launch --autolaunch=009ea758ff9535b3b3170fae00000b78 --binary-syntax --close-stderr' が非ゼロの終了コード 1 で終了しました: No protocol specified\nNo protocol specified\nNo protocol specified\nNo protocol specified\nAutolaunch error: X11 initialization failed.\n
ubuntu-1 gnome-keyring-daemon[26639]: couldn't connect to dbus session bus: //bin/dbus-launch terminated abnormally with the following error: No protocol specified#012No protocol specified#012No protocol specified#012No protocol specified#012Autolaunch error: X11 initialization failed.
ubuntu-1 gnome-keyring-daemon[26639]: couldn't connect to dbus session bus: //bin/dbus-launch terminated abnormally with the following error: No protocol specified#012No protocol specified#012No protocol specified#012No protocol specified#012Autolaunch error: X11 initialization failed.
ubuntu-1 lightdm: gkr-pam: couldn't run gnome-keyring-daemon: Permission denied
ubuntu-1 lightdm: gkr-pam: gnome-keyring-daemon didn't start properly properly


connect to the Ubuntu from Window 7 via FreeNX
start an application ( google chrome )
There is no keyring popup when starting up chrome. ( It seems to work well as of now )
# ps aux | grep keyring | grep -v grep
#


method2
edit org.freedesktop.secrets.service , gnome-keyring-gpg.desktop , gnome-keyring-pkcs11.desktop ,
gnome-keyring-secrets.desktop and gnome-keyring-ssh.desktop.

set the permission of keyring-daemon to the default permission.
# ls -l /usr/bin/gnome-keyring-daemon
---------- 1 root root 1002288 Dec  5 15:28 /usr/bin/gnome-keyring-daemon
# chmod 755 /usr/bin/gnome-keyring-daemon

# ls -l /usr/bin/gnome-keyring-daemon
-rwxr-xr-x 1 root root 1002288 Dec  5 15:28 /usr/bin/gnome-keyring-daemon


reboot the OS
# reboot


confirm keyring popup appears.

edit org.freedesktop.secrets.service file.

comment it out of the following line.
# cat /usr/share/dbus-1/services/org.freedesktop.secrets.service

[D-BUS Service]
2Name=org.freedesktop.secrets
#Exec=/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets


I also commented it out of the following files.
# egrep keyring-daemon *
gnome-keyring-gpg.desktop:#Exec= gnome-keyring-daemon --start --components=gpg
gnome-keyring-pkcs11.desktop:#Exec=/usr/bin/gnome-keyring-daemon --start --components=pkcs11
gnome-keyring-secrets.desktop:#Exec=/usr/bin/gnome-keyring-daemon --start --components=secrets
gnome-keyring-ssh.desktop:#Exec=/usr/bin/gnome-keyring-daemon --start --components=ssh


reboot the OS
# reboot


keyring popup doesn’t appear.
# ps aux | grep keyring | grep -v grep
#


[ other tips ]

keyring authentication files are stored under ~/.gnome2/keyrings directory.
You can reset keyrings credentials by removing these files.
# ls
login.keyring  user.keystore

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.