Solus Budgie Unlock keyring pop-up

qk4-li3

[deleted] No. Vivaldi and other Chromium browsers want keyring access regardless of whether there are any saved passwords

knowledge!!!

brent

[deleted] ok thanks. easy solution then (don't autolog) @wetgeek was right).

qk4-li3 I can't imagine this problem persisting, someone will fix it upstream somewhere, someday. seems. I am going to search engine this for kicks
edit: info from 2019 but seems quite a few ways to disable: https://askubuntu.com/questions/31786/chrome-asks-for-password-to-unlock-keyring-on-startup#968149

brent

[deleted] interesting. the only chrome derivative I run is ungoogledand it never activates keyring access. (Eloston probably baked that out of ungoogled).

But all the times I used Vivaldi I never got a keyring login prompt either. Or all the times I used Brave.

Wonder why some get afflicted with this and some don't?
Now I wonder if there is a tie-in to the autologin at boot?

[deleted]

brent You probably don't have the automatic session login enabled. When you log in by entering your password, the keyring gets unlocked right away.

qk4-li3

brent Interesting...

Axios

Reminds me got fix my brave from doing that on this install its a backup browser now.

ReillyBrogan

Chromium applications like Vivaldi will create an entry in the libsecret backend (gnome-keyring on Budgie) often regardless of whether or not you actually do anything that requires it. gnome-keyring requires a password to unlock the vault, this defaults to the password that you set when you installed the system. When you do not have auto-login enabled the greeter (lightdm for Budgie by default) captures your password when you login to the session and feeds that to gnome-keyring in order to automatically unlock it. When you have auto-login enabled this auto-unlock never happens which is why gnome-keyring needs to be unlocked manually when it's invoked for the first time in a session.

This is all expected behavior, though it is often surprising to people using auto-login who are not familiar with it. You pretty much have only a few options here:

Ignore it and just accept that you'll need to enter your password whenever you start something that uses libsecret to store encryption keys or credentials.
Disable auto-login so that your password is captured when you login via the greeter and gnome-keyring is unlocked with that password.
Change the gnome-keyring password to an empty string. Note that this will remove encryption from all secrets protected by gnome-keyring and all secrets will be readable by any application that has read access to your home directory. This is insecure and I would not recommend this.

Axios

ReillyBrogan Is plasma different in that respect then?

WetGeek

ReillyBrogan Disable auto-login so that your password is captured when you login

This is my choice. I can type my password in less than three seconds, and all my computers and VMs are able to hibernate, so that's what they do whenever they're not needed. Waking up from hibernation doesn't require entering my password again.

qk4-li3

ReillyBrogan I think this answer was comprehensive, detailed and also, very GOOD answer.
Awesome! Therefore I'm humbled before these words of wisdom. =)
I think only sensible thing then is #2 disable auto-login. It is what it is.

ps. There is psychological, "human-thing" here at play (with auto-login): You have been "promised" something (automatic login). Then you experience it like the "promise" dont't hold. Perhaps that is just really bad design (or broken) and worth of it's own thread.
pps. All answers and discussion here were very helpful and appreciated, none was ignored, there was food for thought in every one of them. If I failed communicate that I'm sorry.
edit. whoops double negative correction.

ReillyBrogan

Axios It uses kwallet instead of gnome-keyring as the libsecret backend, but the behavior is basically the same here.

Axios

I do #3 but dont use any linux machines for accessing online accounts except this forum and right now thats from
firefox instead of brave.
At some point will migrate that from mac prob and this is important info to know.

Thanx

brent

Axios
I really didn't get this entirely until he explained it.
manual login=you are logged into the OS; no other credential asked for again; keyring satisfied at the DM stage

autologin=because of browser tentacles you must furnish your credentials to the OS at the request of the browser...

read that bold part again. goofy ain't it? but all part of the keyring apparatus from the beginning and it is always "expected" no doubt..
#3 might suit you if you only use solus acct but anything else.

" 3. Change the gnome-keyring password to an empty string. Note that this will remove encryption from all secrets protected by gnome-keyring and all secrets will be readable by any application that has read access to your home directory. This is insecure and I would not recommend this.

on the other hand the amount of applications that have access to /home is pretty big methinks.

Axios

brent Well its like this back in the day I started with solus gnome then budgie
i dont remb it being as bad.
But I had more crashes when logging in at boot on gnome than anything else and when I went to auto boot
things seemed to be ok so thats where I kinda stayed.
Its not really an issue I log into my windows machine.
So prob should switch and see how it goes.

BloodFeastMan

In the startup script for your browser, make the command line:
/path/to/browser/vivaldi %U --password-store=basic
Then it won't want to use the keyring

qk4-li3

BloodFeastMan I must check that out (later), thanks!

Axios

Hmmm that works for brave to easy way to do it. But a reminder its stored in plaintext.

qk4-li3

Axios Hmmm that works for brave to easy way to do it. But a reminder its stored in plaintext.

Does this imply, with this method, there are security issues which are something something...?

Harvey

qk4-li3

Plain text would mean the password(s) are stored in plain text, i.e not encrypted. So yes deciding to do this would be sacrificing security for convenience.

qk4-li3

Harvey Ok. It's no good then.

Staudey

qk4-li3 Harvey Ok. It's no good then.

But you never store passwords in your browser, right? So it wouldn't make a difference for your use case.

One thing... I DON'T have any passwords stored in vivaldi. I never store any passwords in my browser.

« Previous Page Next Page »