Skip to content

Instantly share code, notes, and snippets.

@c4software
Last active May 14, 2022 20:06
Show Gist options
  • Save c4software/7c575956341d677d74095bb7be1c520a to your computer and use it in GitHub Desktop.
Save c4software/7c575956341d677d74095bb7be1c520a to your computer and use it in GitHub Desktop.
[Archlinux] XRDP & Gnome Keyring Unlock (May 2022 temporary fix)

Hi 👋,

I have a full headless VM for remote machine, since few weeks Google Chrome became really slow to start (2min, I smell a timeout)… All the problems are related to Gnome-Keyring which seems not to unlock.

Step 1 /etc/pam.d/system-auth

Comment every lines with pam_systemd_home.so in the /etc/pam.d/system-auth to disable it.

Step 2 /etc/pam.d/xrdp-sesman

Enable unlock of pam_gnome_keyring.so in the /etc/pam.d/xrdp-sesman, update your file according :

#%PAM-1.0

auth            include         system-remote-login
-auth           optional        pam_gnome_keyring.so <<--- ADD THIS

account         include         system-remote-login

password        include         system-remote-login
-password       optional        pam_gnome_keyring.so use_authtok <<-- ADD THIS

session         optional        pam_keyinit.so force revoke
session         include         system-remote-login
-session        optional        pam_gnome_keyring.so auto_start <<-- AND ADD THIS

Step 3 /etc/pam.d/login

I'm not really sure if its mandatory, but to make everything working you also need to unlock the keyring when login.

#%PAM-1.0

auth       required     pam_securetty.so
auth       requisite    pam_nologin.so
auth       include      system-local-login
auth       optional     pam_gnome_keyring.so <<-- ADD THIS
account    include      system-local-login
session    include      system-local-login
password   include      system-local-login
session    optional     pam_gnome_keyring.so auto_start <<-- ADD THIS

Step 4 .xinitrc (xfce4)

For the records, this is my ~/.xinitrc

systemduser="/etc/X11/xinit/xinitrc.d/50-systemd-user.sh"

# sourcing the systemd user
if [ -f "${systemduser}" ]; then
    source ${systemduser}
fi

eval $(gnome-keyring-daemon --start)
export SSH_AUTH_SOCK

exec dbus-launch --sh-syntax xfce4-session

Step 4b .xinitrc (Gnome)

systemduser="/etc/X11/xinit/xinitrc.d/50-systemd-user.sh"

export XDG_SESSION_TYPE=x11
export GDK_BACKEND=x11

# sourcing the systemd user
if [ -f "${systemduser}" ]; then
    source ${systemduser}
fi

eval $(gnome-keyring-daemon --start)
export SSH_AUTH_SOCK

exec gnome-session
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment