[Thinlinc-technical] Unlocking gnome-keyring from Thinlinc
Michael Firth
MFirth at nevion.com
Wed May 2 13:02:50 CEST 2018
Hi,
I found an old thread here:
http://lists.cendio.se/pipermail/thinlinc-technical/2016-February/005779.html
Where someone asked about getting Thinlinc to auto-unlock a gnome-keyring.
I was wondering if anyone else has made any progress on this in the last couple of years?
I think the one issue that the poster of that thread may have had left is this part of the documentation of "gnome-keyring-daemon --login":
"It reads all of stdin (including any newlines) as a login password"
It seems tl-sso-password adds a newline at the end of its output, and hence "gnome-keyring-daemon --login" will probably always fail because it takes that newline as part of the password.
So I have created the following script, which I have put in /opt/thinlinc/libexec/tl-gnome-keyring.sh, and created a symbolic link to from /opt/thinlinc/etc/xstartup.d/05-tl-gnome-keyring.sh (as that seems to be how the other startup scripts work)
#!/bin/bash
# -*- mode: shell-script; coding: utf-8 -*-
#
# MF: Attempt to unlock gnome keyring
#
# actuib: Unlock gnome keyring with SSO passwrd
if type gnome-keyring-daemon > /dev/null 2>&1; then
if "${TLPREFIX}/bin/tl-sso-password" --check; then
"${TLPREFIX}/bin/tl-sso-password" | tr -d '\n\r' | gnome-keyring-daemon --login
fi
fi
It seems to be working for me (and not if I use an SSH key instead of a password to login - doh!). Obviously the "tr" command will remove any newlines or carriage returns, not just those at the end. A better fix would be a CLI option to "tl-sso-password" not to add a newline, but it is extremely unlikely that most users will have a newline or carriage return embedded in their password.
Is there anything anyone can see wrong in what I have added that would cause problems later?
Should there be a call to "tl-sso-password --remove" somewhere at the end of the startup process? I am a little concerned that there is a command available within the session that will dump my password to standard output in plain text!
Thanks
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cendio.se/pipermail/thinlinc-technical/attachments/20180502/08d3e661/attachment.html>
More information about the Thinlinc-technical
mailing list