Using the default installer I just did a fresh install of bookworm (debian 12.5) with mate desktop.
I would like to only unlock the keyring the first time it is needed during a session.
However as it is, mate always wants to open the keyring at startup. I see no reason for that since, as far as I can tell in my setup, nothing running at startup requires it
Ironically, if I do not use the mate autologin feature, it automatically unlocks the keyring as soon as you log in,
whereas when using the autologin feature, I am asked to unlock it ("manually" as it were - kind of defeating the idea of "autologin").
Is it possible to have mate just leave the keyring alone at startup?
I would much prefer to only be asked to unlock the keyring the first time I actually need it, say when accessing a mail server.
This was how it worked in stretch (the previous debian version I used).
If anything this new approach is less, not more secure, since you are now asked for a password one less time, not to mention having the keyring unlocked before it is even needed. So I truly fail to see what is gained by this change. Am I missing something here?
In any case, if someone can show me how to stop unlocking the keyring when mate starts up, I would be very grateful
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
[Solved] How to stop mate from unlocking keyring at startup?
[Solved] How to stop mate from unlocking keyring at startup?
Last edited by gurfle on 2024-04-07 21:00, edited 1 time in total.
- pbear
- Posts: 384
- Joined: 2023-08-27 15:05
- Location: San Francisco
- Has thanked: 2 times
- Been thanked: 63 times
Re: How to stop mate from unlocking keyring at startup?
I only have Mate in a test box, so not intimately familiar. Mostly a plain vanilla installation (bookworm), except autologin enabled through LightDM. I'm not prompted to open keyring.
My hunch would be that some service launched at boot is the source of the prompt. Meaning some service or app you've added to the base system.
My hunch would be that some service launched at boot is the source of the prompt. Meaning some service or app you've added to the base system.
Re: How to stop mate from unlocking keyring at startup?
Thanks for this feedback pbear, which got me to dig a bit more thoroughly into what might be automatically launched with mate, but that still reveals nothing to give me a y clue.
I have essentially the same setup as your test box, so that adds to the mystery -- especially having not added very much since the same plain vanilla bookworm installation (also with autologin through LightDM) you have.
I get mail through evolution, which is the only thing set up to use the keyring, but I only have that running when I launch it manually. I do know it is highly integrated with the keyring system, e.g. trying to remove the package gnome-keyring forces the removal of evolution, so perhaps installing this latest version of evolution somehow is doing this (which was not the case in the version that came with stretch - the last debian I had before bookworm).
Can you see if just installing evolution on your test box creates the same issue for you? If so, then we have at least nailed down the cause to be somehow connected to the installation of evolution.
I have unchecked the only possibly related culprit under "System -> Control Center -> Startup Applications", the "SSH Key Agent", but that makes no difference.
Nothing in /etc/init.d launches it directly, but maybe someone can tell whether anything I have in there might be forcing the keyring to start indirectly:
I am now very curious to get to the bottom of this, as it seems well beyond my present debugging capabilities
I have essentially the same setup as your test box, so that adds to the mystery -- especially having not added very much since the same plain vanilla bookworm installation (also with autologin through LightDM) you have.
I get mail through evolution, which is the only thing set up to use the keyring, but I only have that running when I launch it manually. I do know it is highly integrated with the keyring system, e.g. trying to remove the package gnome-keyring forces the removal of evolution, so perhaps installing this latest version of evolution somehow is doing this (which was not the case in the version that came with stretch - the last debian I had before bookworm).
Can you see if just installing evolution on your test box creates the same issue for you? If so, then we have at least nailed down the cause to be somehow connected to the installation of evolution.
I have unchecked the only possibly related culprit under "System -> Control Center -> Startup Applications", the "SSH Key Agent", but that makes no difference.
Nothing in /etc/init.d launches it directly, but maybe someone can tell whether anything I have in there might be forcing the keyring to start indirectly:
Code: Select all
root@nickspanasonic:~# ls -l /etc/init.d
total 104
-rwxr-xr-x 1 root root 5623 Nov 30 2022 alsa-utils
-rwxr-xr-x 1 root root 2055 Jan 10 2023 anacron
-rwxr-xr-x 1 root root 3740 Feb 14 2023 apparmor
-rwxr-xr-x 1 root root 2948 Dec 10 08:57 bluetooth
-rwxr-xr-x 1 root root 1235 May 21 2023 console-setup.sh
-rwxr-xr-x 1 root root 3059 Jul 17 2022 cron
-rwxr-xr-x 1 root root 2804 Dec 1 11:35 cups
-rwxr-xr-x 1 root root 1961 May 19 2023 cups-browsed
-rwxr-xr-x 1 root root 3152 Sep 16 2023 dbus
-rwxr-xr-x 1 root root 3029 Jan 29 2023 gdm3
-rwxr-xr-x 1 root root 1748 Feb 13 2023 hwclock.sh
-rwxr-xr-x 1 root root 1482 Jul 18 2022 keyboard-setup.sh
-rwxr-xr-x 1 root root 2063 Dec 9 2022 kmod
-rwxr-xr-x 1 root root 2610 Jan 11 2022 lightdm
-rwxr-xr-x 1 root root 4531 Jan 23 2023 networking
-rwxr-xr-x 1 root root 1386 Feb 1 2023 plymouth
-rwxr-xr-x 1 root root 760 Feb 1 2023 plymouth-log
-rwxr-xr-x 1 root root 959 Dec 18 2022 procps
-rwxr-xr-x 1 root root 2224 May 16 2023 saned
-rwxr-xr-x 1 root root 2040 Sep 25 2022 speech-dispatcher
-rwxr-xr-x 1 root root 1161 Jun 27 2023 sudo
-rwxr-xr-x 1 root root 6871 Jan 26 13:46 udev
-rwxr-xr-x 1 root root 2762 Aug 18 2021 x11-common
root@nickspanasonic:~#
- pbear
- Posts: 384
- Joined: 2023-08-27 15:05
- Location: San Francisco
- Has thanked: 2 times
- Been thanked: 63 times
Re: How to stop mate from unlocking keyring at startup?
Will give it a shot. It's a VM, so I can to the test in a snapshot. Won't be able to run the test until tomorrow evening (my time), as the hamsters are tied up on another project at the moment.
Be aware, I don't use an email app (I use webmail), so not going to get much further than installing and reboot. In particular, not keen to set it up to access my email accounts.
Re: How to stop mate from unlocking keyring at startup?
Thanks!
I did not intend for you to spend any big effort just to help my personal debugging, and in fact, I can now report that something else other than the evolution installation itself is causing keyring access at login: Having just realized I had a test machine of my own available, and now it has evolution on it (that comes with the default bookworm installation anyway) where autologin does not prompt for the keyring password!
I have not set up any email accounts on the test box (in fact not even started it up at all), so that makes me wonder if it is the result of some mail account setup I did in evolution on the offending machine . . . Seems far fetched, but I have to say I do not understand why evolution is so dependent on having keyring access in the first place. Also, the way it has a totally impenetrable way of connecting to gmail (which unfortunately I am forced to use) involving some "black box" process called oauth2, makes me wonder if my gmail setup in evolution has something to do with that.
The mystery deepens . . . I'll report back after doing some more digging around!
I did not intend for you to spend any big effort just to help my personal debugging, and in fact, I can now report that something else other than the evolution installation itself is causing keyring access at login: Having just realized I had a test machine of my own available, and now it has evolution on it (that comes with the default bookworm installation anyway) where autologin does not prompt for the keyring password!
I have not set up any email accounts on the test box (in fact not even started it up at all), so that makes me wonder if it is the result of some mail account setup I did in evolution on the offending machine . . . Seems far fetched, but I have to say I do not understand why evolution is so dependent on having keyring access in the first place. Also, the way it has a totally impenetrable way of connecting to gmail (which unfortunately I am forced to use) involving some "black box" process called oauth2, makes me wonder if my gmail setup in evolution has something to do with that.
The mystery deepens . . . I'll report back after doing some more digging around!
Re: How to stop mate from unlocking keyring at startup?
Turns out the culprit was setting up a gmail account. When setting one up, you need to uncheck the two "Google Features" "Add Calendar to this account" and "Add Contacts to this account" before adding the account to evolution. Having not noticed this the first time, the only way I have now been able to stop the keyring from being accessed upon login was to delete the account from evolution and set it all up again making sure those two features are turned off, which annoyingly they are not by default. This took an unbelievable effort of trial and error to uncover, not knowing how to check basic stuff like process startup settings or configuration files. None of the familiar places I looked gave any clues. Kind of reminds of my days debuging Windows 95 setup glitches
What a disastrous waste of time -- sure wish I wasn't presently compelled to use gmail
What a disastrous waste of time -- sure wish I wasn't presently compelled to use gmail