Manjaro XFCE installation with LUKS FDE: What is the best way to use Gnome Keyring with automatic user login?

Support
,
1

Hi guys :blush:
On those machines where I have Manjaro Xfce installed, I also use full encryption using LUKS. Of course, if I do not select automatic login during installation, I have to enter the password twice at each boot, then the Gnome keyring (seahorse) is also decrypted. If I activate the auto-login, I will be asked for a password for the keyring, for example, when setting up the Nextcloud client. If I set one here, I have to enter it again for every session. If I set a blank password, the keyring remains unencrypted, but then I don’t have to enter anything. Is this the best way for auto-login with LUKS FDE, or should it be configured so that the keyring is already decrypted by the LUKS-passphrase? If so, what would be the best way to implement this? How do you handle the auto-login with LUKS FDE?

2

What’s the point of using LUKS encryption if you’re going to enable autologin? That’s like barricading your windows while leaving your front door wide open.

If your device gets stolen, the thief will have full access to your data either way, encryption or no encryption.

1 Like
4

I think my posting was misunderstood. I certainly didn’t mean bypassing the typing of the LUKS password (in which case the encryption would indeed be useless), but the automatic user login after system startup, after the hard disk has been successfully decrypted by entering the passphrase. The reason for my question is to avoid having to enter a password twice every time the computer boots.

5

The auto-login issue is not at all related to full disk encryption.
The “problem” is the very same without disk encryption - the keyring is needed and if you don’t supply a password on log in, the services depending on the unlocked keyring will have to ask.

… since you do have disk encryption, you could (and should) use a different, perhaps shorter and more easy to type password to log in :man_shrugging:
keyring problem solved :wink:

or leave it empty -
there is no connection whatsoever to the fact that your disk is encrypted

2 Likes
6

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.