Results 1 to 10 of 10

Thread: kwallet, unlock by login process

  1. #1

    Default kwallet, unlock by login process

    Opensuse 13.1 x86_64
    kde 4.11.10 , 14.12 from "kde sc current" and "kde sc current extra" source

    i chose to use GPG certificate technology to secure kwallet
    then
    when logging a window opens asking me the pass phrase of the certificate

    i applied this guide for opensuse 13.2 to unlock kwallet by the login process
    https://tweakhound.com/2015/03/15/opens ... tegration/

    this guide is inspired by

    https://www.dennogumi.org/2014/04/un...llet-with-pam/

    unlocking kwallet by login process does not work . something asks for me the pass phrase .

    why ?
    - opensuse 13.1 ?
    - i use GPG certificate technology to secure kwallet ?

    thanks
    OpenSuse Argon 15.1 x86_64,Asus Prime 250M-A, Intel Core i5-7400, 16 GB, Intel HD Graphics 630, Plugable usb-bt4le bluetooth 4.0 usb adapter, multicard reader USB 3.0 startech.com 35fcreadbu3, HP LaserJet 1220, Headset bluetooth 3.0 Philips SHQ7300

  2. #2

    Default Re: kwallet, unlock by login process

    OpenSuse Argon 15.1 x86_64,Asus Prime 250M-A, Intel Core i5-7400, 16 GB, Intel HD Graphics 630, Plugable usb-bt4le bluetooth 4.0 usb adapter, multicard reader USB 3.0 startech.com 35fcreadbu3, HP LaserJet 1220, Headset bluetooth 3.0 Philips SHQ7300

  3. #3

    Default Re: kwallet, unlock by login process

    Quote Originally Posted by promeneur View Post
    unlocking kwallet by login process does not work . something asks for me the pass phrase .

    why ?
    - opensuse 13.1 ?
    - i use GPG certificate technology to secure kwallet ?
    Well, I never used this feature (neither pam_kwallet nor KWallet's GPG encryption), and I have no idea whether those packages you installed actually work (with KDE 14.12)

    But isn't it unnecessary to enter a password anyway when using GPG encryption? It should just use the configured GPG key (which can be set/changed in KGPG) in that case AIUI.

    AFAIK, pam_kwallet can only work if you use the "classic" kwallet method (encryption via password), and the password of the wallet is the same as for your user account. I'm not sure about that though.

  4. #4
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,345
    Blog Entries
    3

    Default Re: kwallet, unlock by login process

    Quote Originally Posted by promeneur View Post
    While I'm not certain, my assumption is that pam-kwallet requires:

    (1) you do not use gpg encryption with kwallet;
    (2) the password for kwallet is your login password.
    openSUSE Leap 15.1; KDE Plasma 5;

  5. #5
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,345
    Blog Entries
    3

    Default Re: kwallet, unlock by login process

    Quote Originally Posted by wolfi323 View Post
    But isn't it unnecessary to enter a password anyway when using GPG encryption? It should just use the configured GPG key (which can be set/changed in KGPG) in that case AIUI.
    The GPG key is normally encrypted in the gnupg keyring.

    On the first use of kwallet, it pops up a "pinentry-qt" request for the passphrase of the gpg key. Thereafter, it should be remembered by gpg-agent until logout. However, this might require setting a long enough time for gpg-agent to retain the key -- otherwise you will have to re-enter every few hours.
    openSUSE Leap 15.1; KDE Plasma 5;

  6. #6

    Default Re: kwallet, unlock by login process

    But isn't it unnecessary to enter a password anyway when using GPG encryption? It should just use the configured GPG key (which can be set/changed in KGPG) in that case AIUI.
    i have no sufficient knowlegde to answer to this .
    i only know : when i created a certificate with kgpg then it asks for me to define a password for certificate according to protect any modification of this certificat .

    perhaps kwallet use this certificate protect feature as a way to protect the opening of kwallet .

    it's a pity because to switch to classic protect method you must create a new wallet protected by classic method then copied the contents of the wallet to the new wallet . And you decrease the protection .

    why i want to use "unlock kwallet by login process" ? Because each time i open a session in the morning at the first pc startup hangouts connection fails with chrome 44 . this pb occurs in the past and fixed at next version . it seems hangouts does not wait a sufficient time for accessing to kwallet . it seems this is a periodical bug .
    OpenSuse Argon 15.1 x86_64,Asus Prime 250M-A, Intel Core i5-7400, 16 GB, Intel HD Graphics 630, Plugable usb-bt4le bluetooth 4.0 usb adapter, multicard reader USB 3.0 startech.com 35fcreadbu3, HP LaserJet 1220, Headset bluetooth 3.0 Philips SHQ7300

  7. #7

    Default Re: kwallet, unlock by login process

    yes i use same password for login and kwallet
    OpenSuse Argon 15.1 x86_64,Asus Prime 250M-A, Intel Core i5-7400, 16 GB, Intel HD Graphics 630, Plugable usb-bt4le bluetooth 4.0 usb adapter, multicard reader USB 3.0 startech.com 35fcreadbu3, HP LaserJet 1220, Headset bluetooth 3.0 Philips SHQ7300

  8. #8

    Default Re: kwallet, unlock by login process

    it does not work with "classic" method .
    i switched back to "bluefish" method and restore the files "login" and "xdm" in /etc/pam.d/
    OpenSuse Argon 15.1 x86_64,Asus Prime 250M-A, Intel Core i5-7400, 16 GB, Intel HD Graphics 630, Plugable usb-bt4le bluetooth 4.0 usb adapter, multicard reader USB 3.0 startech.com 35fcreadbu3, HP LaserJet 1220, Headset bluetooth 3.0 Philips SHQ7300

  9. #9

    Default Re: kwallet, unlock by login process

    Quote Originally Posted by promeneur View Post
    it does not work with "classic" method .
    i switched back to "bluefish" method and restore the files "login" and "xdm" in /etc/pam.d/
    Isn't "bluefish" the classic method anyway?
    But as I said, I never tried pam_kwallet.

    I hope you'd get better answers in your upstream (KDE) thread.

    Or maybe ask at https://www.dennogumi.org/2014/04/un...llet-with-pam/ (you mentioned it) too, in the comments section.
    That guy is even affiliated with openSUSE and part of our KDE team...
    Last edited by wolfi323; 29-Jul-2015 at 08:38.

  10. #10
    Join Date
    Oct 2008
    Location
    Glasgow, Scotland
    Posts
    1,131

    Default Re: kwallet, unlock by login process

    You can have more than one "wallet" in KDE. If you want a wallet to open without asking for a password/phrase (i.e. open automatically when the desktop launches), just delete the password/phrase or leave it blank.
    ~Thank you for sharing an interesting problem.
    --
    slàinte mhath,
    rayH

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •