I have a "Login" keyring in my Gnome on Ubuntu 18.04 LTS. The password on this Login keyring is the same as my login password.
It was always the case that it would only unlock intermittently. However, since I added the following line to /etc/pam.d/common-session:
session required pam_systemd.so
it is never unlocking at login.
(The addition was an attempt to solve what I thought was a quite unrelated problem, namely the GNOME menu not responding to mouse clicks for the power-off button.)
I have added these entries to /etc/pam.d/common-session as well:
# Make sure GNOME keyring starts up
session optional pam_gnome_keyring.so auto_start
auth optional pam_gnome_keyring.so
My login password is managed using LDAP, however the LDAP server is not always accessible to me as it is behind a company firewall and I work from home, normally without the VPN, which I switch on only when I need it.
This results in messages like this in /var/log/auth.log:
Oct 27 09:30:26 HOSTNAME nscd: nss_ldap: could not connect to any LDAP server as cn=REDACTED,dc=REDACTED,dc=REDACTED,dc=REDACTED - Can't contact LDAP server
Oct 27 09:30:26 HOSTNAME nscd: nss_ldap: failed to bind to LDAP server ldap://REDACTED.REDACTED.REDACTED.REDACTED: Can't contact LDAP server
Oct 27 09:30:26 HOSTNAME nscd: nss_ldap: could not search LDAP server - Server is unavailable
These mssages are being produced by nscd, pkexec, start-stop-daemon, polkitd(authority=local) and maybe others.
I also see:
gnome-keyring-daemon[7813]: asked to register item /org/freedesktop/secrets/collection/Login/1, but it's already registered
I'm not sure if this is pertinent.
So the questions I have are:
- Is the keyring problem likely related to the LDAP service not being available, or is it likely something else with the LDAP being a red herring?
- More importantly, is there anything I can do about it?
I can of course post more of my PAM configuration files as needed, but I didn't want to start by inundating the post with irrelevant information.
