Gnome-keyring is installed by default in MX Linux, and is used to manage security credentials, such as user names and passwords. Data is encrypted and stored in ~/.local/share/keyrings. The “default keyring” employs the user’s login for encryption, eliminating the need for a second password.
How to unlock apps automatically
Gnome-keyring’s default password can be set up in such a way that passwords from individual apps automatically get unlocked during session login. MX Linux can enable and use this auto-unlock feature by means of the Pluggable Authentication Modules (PAM) mechanism: after the user enters the login password the pam-library will unlock the login-keyring managed by the gnome-keyring subprocess.
Here’s the short procedure to turn PAM on:
- install libpam-gnome-keyring
- delete the existing keyrings folder: ~/.local/share/keyrings [that tilde “~” indicates by convention that the file is in the user’s Home folder]
- log out and back in
- open Password and Keys and verify that the newly created login-keyring is automatically unlocked
If no other app keyring is already in use, the login-keyring will also become the default app keyring. When you open an application which requires to save/fetch its credential into/from the default app keying, the keyring to store passwords will be used.
E.g. open Chromium and you‘ll see that Chromium’s internal encryption keys get stored within the default (login) keyring:
Default keyring already exists
If you already have a password-store “Default keyring” in use by an app such as Chromium or Skype, which hold your passwords and its internal encryption keys, you can secure this keyring with a password and automatically unlock the keyring on application request by means of the PAM-Login-keyring mechanism.
Follow these steps to secure and enable auto-unlock of existing “Default keyring” (using Chromium as the example):
- close Chromium
- open „Password and Keys“
- right click on your existing password store “Default keyring” → set default
- right click on “Default keyring” to verify or change existing password
Now the trick:
- right click on you existing “Default keyring” password store → Lock
And now – this is important:
- right click again on your existing “Default keyring” password store → Unlock
→ Click on “Automatically unlock this keyring whenever I’m logged in”
and enter the password of your “Default keyring”.
Logout, login and to verfiy with „Password and Keys“ that you login-keyring is unlocked
and you “Default keyring” is still locked.
Now open chromium and verify that the “Default keyring”
used by chromum get’s automaticaly unlocked.
- The Help file for Passwords and Keys contains much useful information.
- Gnome Wiki