Bug#522493: /usr/bin/gnome-keyring-daemon not working in fr_FR.UTF-8 and ssh workaround

Ronan Keryell Ronan.Keryell at hpc-project.com
Thu May 5 08:55:02 UTC 2011


For few weeks now on Debian/unstable, ssh authentication services on my
laptop computer is no longer working.

I've just discovered that this service is not provided by ssh-agent but
but gnome-keyring-daemon. Why not...

When I connect I get this in my /var/log/auth.log:

May  5 09:32:27 an-dro gdm[2145]: pam_nologin(gdm:auth): cannot determine username
May  5 09:33:02 an-dro CRON[2781]: pam_unix(cron:session): session opened for user nobody by (uid=0)
May  5 09:33:02 an-dro CRON[2781]: pam_limits(cron:session): Unknown kernel rlimit 'Max realtime timeout' ignored
May  5 09:33:02 an-dro CRON[2781]: pam_unix(cron:session): session closed for user nobody
May  5 09:33:21 an-dro gdm[2145]: pam_limits(gdm:session): Unknown kernel rlimit 'Max realtime timeout' ignored
May  5 09:33:21 an-dro gdm[2145]: pam_unix(gdm:session): session opened for user keryell by (uid=0)
May  5 09:33:21 an-dro gdm[2145]: pam_ck_connector(gdm:session): nox11 mode, ignoring PAM_TTY :0
May  5 09:33:26 an-dro gnome-keyring-daemon[2785]: GLib-GIO: Using the 'memory' GSettings backend.  Your settings will not be saved or shared with other applications.
May  5 09:33:34 an-dro polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name :1.21 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale fr_FR.UTF-8)
May  5 09:52:33 an-dro gnome-keyring-daemon[2785]: unsupported key algorithm in certificate: 1.2.840.10045.2.1
May  5 09:52:33 an-dro gnome-keyring-daemon[2785]: unsupported key algorithm in certificate: 1.2.840.10045.2.1
May  5 09:52:34 an-dro last message repeated 2 times
May  5 09:52:34 an-dro gnome-keyring-daemon[2785]: couldn't load root certificates: /etc/ssl/certs/imapd.pem: L'ouverture du fichier « /etc/ssl/certs/imapd.pem » a échoué : Permission non accordée
May  5 09:52:34 an-dro gnome-keyring-daemon[2785]: unsupported key algorithm in certificate: 1.2.840.10045.2.1
May  5 09:52:34 an-dro last message repeated 4 times
May  5 09:52:35 an-dro gnome-keyring-prompt: Gtk: Failed to load module "gnomebreakpad"
May  5 09:52:35 an-dro gnome-keyring-daemon[2785]: Gtk-Message: Failed to load module "gnomebreakpad" 
May  5 09:52:56 an-dro gnome-keyring-prompt: Gtk: Failed to load module "gnomebreakpad"
May  5 09:52:56 an-dro gnome-keyring-daemon[2785]: Gtk-Message: Failed to load module "gnomebreakpad" 


I strace'd -f /usr/bin/gnome-keyring-daemon but I saw nothing
blatant.

It is not related for me to wrong encoding as stated in ~/.gnome2/keyrings/default
because I don't have this file:
ls  ~/.gnome2/keyrings/
login.keyring  user.keystore

But I can suspect a wrong encoding stuff somewhere else too...

Since I find annoying having to launch ssh-agent and patching
gnome-keyring-daemon socket each time I log in :-/ , I've ended to write a
work-around script I run before using ssh-add.

Here is my "gnome-keyring-daemon-work-around" work-around script:

#! /bin/sh

# Use ssh-agent instead of currently broken /usr/bin/gnome-keyring-daemon
# to provide ssh autheticating services

# Ronan.Keryell at hpc-project dot com, 2011/05/05


# Keep around the socket to /usr/bin/gnome-keyring-daemon just in case...
OLD_SSH_AUTH_SOCK=$SSH_AUTH_SOCK
mv $OLD_SSH_AUTH_SOCK $OLD_SSH_AUTH_SOCK%

# Launch a working authenticating agent that set also SSH_AUTH_SOCK
eval `ssh-agent`

# Linked the old socket name advertised everywhere previously by
# /usr/bin/gnome-keyring-daemon to the new working one:
ln -s $SSH_AUTH_SOCK $OLD_SSH_AUTH_SOCK

-- 
  Ronan KERYELL                      |\/  GSM:    (+33|0) 6 13 14 37 66
  HPC Project                        |/)  Fax:    (+33|0) 1 46 01 05 46
  9 Route du Colonel Marcel Moraine  K    E-mail: rk at hpc-project.com
  92360 Meudon La Forêt              |\   skype:keryell
  FRANCE                             | \  http://hpc-project.com






More information about the pkg-gnome-maintainers mailing list