On Wed, 21 Apr 2021 at 08:33:01 +0200, intrig...@debian.org wrote:
> On LUKS-encrypted systems, by default the GNOME keyring is encrypted
> using the LUKS passphrase typed on boot. pam_gdm unlocks the keyring
> using that passphrase. So far, so good.
Does testing this require any particular system configuration, for example
enabling autologin in gdm, or having the logging-in user's Unix password
be the same as the LUKS passphrase, or having LUKS v2 rather than LUKS v1?
If you're successfully using this on a real system, it would save me some
time if you could describe how to reproduce it on a fresh installation
(VM or real hardware).
All my bullseye systems that run on real hardware (and therefore need
LUKS) were upgraded from buster or earlier, so I don't have any fresh
installations with LUKS at the moment.
> On current sid, pam_gdm uses the _first_ passphrase that was typed on
> boot.
...
> The upstream fix is self-contained and seems very simple. May we
> consider including it in Bullseye?
We'd have to ask the release team, but I don't see why not - but we'll
need to know how to test it.
smcv
