[Thinlinc-technical] Unlocking gnome-keyring from Thinlinc

Michael Firth MFirth at nevion.com
Wed May 2 13:02:50 CEST 2018


Hi,

I found an old thread here:

http://lists.cendio.se/pipermail/thinlinc-technical/2016-February/005779.html

Where someone asked about getting Thinlinc to auto-unlock a gnome-keyring.

I was wondering if anyone else has made any progress on this in the last couple of years?

I think the one issue that the poster of that thread may have had left is this part of the documentation of "gnome-keyring-daemon --login":

"It reads all of stdin (including any newlines) as a login password"

It seems tl-sso-password adds a newline at the end of its output, and hence "gnome-keyring-daemon --login" will probably always fail because it takes that newline as part of the password.

So I have created the following script, which I have put in /opt/thinlinc/libexec/tl-gnome-keyring.sh, and created a symbolic link to from /opt/thinlinc/etc/xstartup.d/05-tl-gnome-keyring.sh (as that seems to be how the other startup scripts work)

#!/bin/bash
# -*- mode: shell-script; coding: utf-8 -*-
#
# MF: Attempt to unlock gnome keyring
#
# actuib: Unlock gnome keyring with SSO passwrd
if type gnome-keyring-daemon > /dev/null 2>&1; then
  if "${TLPREFIX}/bin/tl-sso-password" --check; then
    "${TLPREFIX}/bin/tl-sso-password" | tr -d '\n\r' | gnome-keyring-daemon --login
  fi
fi

It seems to be working for me (and not if I use an SSH key instead of a password to login - doh!). Obviously the "tr" command will remove any newlines or carriage returns, not just those at the end. A better fix would be a CLI option to "tl-sso-password" not to add a newline, but it is extremely unlikely that most users will have a newline or carriage return embedded in their password.

Is there anything anyone can see wrong in what I have added that would cause problems later?

Should there be a call to "tl-sso-password --remove" somewhere at the end of the startup process? I am a little concerned that there is a command available within the session that will dump my password to standard output in plain text!

Thanks

Michael

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cendio.se/pipermail/thinlinc-technical/attachments/20180502/08d3e661/attachment.html>


More information about the Thinlinc-technical mailing list