Gordon Messmer wrote:
On 03/28/2013 07:00 AM, m.roth@5-cent.us wrote:
Most of my users are on kde, as am I (I really don't like gnome). I've
got one on gnome, though, CentOS 6.4, and I have a problem: I have to start
an agent running ->on login<-, so that the same one is in the environment
of every term window he opens.
That would be the normal configuration.
In kde, no problem, I modify /etc/X11/xinit/xinitrc-common so that code
in there calls our (newer) ssh-agent instead of the stock one. (And, of course, it's killed on logout, and there's only one running,
not one every time that never goes away unless killed manually.)
You're already making things more complicated than they should be. The
ssh agent is supposed to be the parent process of your login session. That is, your login session should be:
    ssh-agent startkde
or:
    ssh-agent gnome-session
Well, no. If you look at the stock /etc/X11/xinit/xinitrc-common, at the bottom of the file, that's where it sets this stuff. As I said, we *have* to use the one compiled from more recent versions of ssh, because the current stock version doesn't support US gov't PIV cards for authentication. And doing this, I only get one agent, and it gets killed automagically when I log out, as expected.
With GDM, you'd modify the session file in /usr/share/xsessions. You'd
a) /usr/share? Why are system-wide configuration files NOT IN /etc? b) UTF-8? What freakin' morons decided it shouldn't be plain ascii, like everything else? #$%^&*$%^&*($%^&*($%^&*(%^&*()_+
No matter what I open it in, it keeps showing up with garbage chars.
So I look at /etc/gdm, as I said, and I see it sourcing /etc/X11/xinit/xinitrc-common, where I've got it set to reference our agent. Then I go further down, and see
<snip>***************
case "$1" in
    failsafe)
        exec -l $SHELL -c "xterm -geometry 80x24-0-0"
        ;;
    gnome|gnome-session)
        # lack of SSH_AGENT is intentional, see #441123. though
        # the whole thing should really happen in xinitrc.d anyway.
        exec -l $SHELL -c gnome-session
        exec /bin/sh -c "exec -l $SHELL -c \"gnome-session\""
        ;;
    kde|kde1|kde2)
        exec $CK_XINIT_SESSION $SSH_AGENT /bin/sh -c "exec -l $SHELL -c \"startkde\""
<snip>***************
Pause for some googling, ah, here's my answer that's less ugly, from https://ask.fedoraproject.org/question/10225/is-it-possible-to-replace-gnome-keyring-daemon-with-ssh-agent/, which is to create /etc/X11/xinit/Xclients.d/Xclients.gnome-session.sh, whose contents are
    #!/bin/sh
    exec -l $SHELL -c "$SSH_AGENT gnome-session"
prefix the "Exec" line with "ssh-agent ", and be done. As those files
would be <snip>
Xclients, which runs your session. You shouldn't need to change anything at all, unless your newer ssh-agent is at a different path. So, in that case, the only thing you should need to change is to run gnome-session-properties, and uncheck "SSH Key Agent".
First, of course it's in a different path. Second, no, I do *not* want to run a gnome thing - I need to a) do this from a command line, and b) fix it so it can be built that way, or updated. This isn't my machine, I've got dozens of users, and need to administer this remotely, without having to make them stop what they're doing so I can screw with this.
Ok, I followed the guy's instructions, but a) I'm afraid to let the keyring not run, and b) I get the one agent running... but gnome-keyring-agent runs *after* it, and so overwrites the environment variables, which means this is the final trick I need to resolve. As a first question on that, in that created file, /etc/X11/xinit/Xclients.d/Xclients.gnome-session.sh, I've got the one line; however, in /etc/gdm/Xsession (really /etc/X11/Xsession), to start gnome, it has, as you can see above, *two* execs. Any idea why, and any idea where I can start the agent so that the environment variables are *not* overwritten by gnome-keyring-agent?
mark