Can't seem to configure KWallet to not ask for password

NebulaFox · September 11, 2025, 7:01pm

On my old instillation this was never a problem, but for some reason KWallet asked me to create a wallet. First attempt I used GnuGPG, realised that would mean I would always have to input my password, so I switched to Blowfish. I set it to the same password as login, but every time something uses KWallet it asks for the password.

Found KDE Wallet | Arch Linux but is no good as it does not reflect my /etc/pam.d folder.

This Short guide for pam_kwallet with KDE Plasma 5 on openSUSE was better as it does reflect my /etc/pam.d folder.

~> grep kwallet /etc/pam.d/*
/etc/pam.d/common-auth:auth     optional        pam_kwallet5.so
/etc/pam.d/common-auth-pc:auth  optional        pam_kwallet5.so
/etc/pam.d/common-password:password     optional        pam_kwallet5.so
/etc/pam.d/common-password-pc:password  optional        pam_kwallet5.so
/etc/pam.d/common-session:session       optional        pam_kwallet5.so
/etc/pam.d/common-session-nonlogin:session      optional        pam_kwallet5.so
/etc/pam.d/common-session-nonlogin-pc:session   optional        pam_kwallet5.so
/etc/pam.d/common-session-pc:session    optional        pam_kwallet5.so

OpenSUSE Wiki KWallet

What I have found out so far is by every guide I have found it is all setup correctly, and tumbleweed is already set up kwallet since pam_kwallet was already installed. Just not sure why it keeps asking.

arvidjaar · September 11, 2025, 7:07pm

Do you use automatic logon?

DeMus · September 11, 2025, 8:15pm

It is probably not safe but this is what I use for many years already and it never asks me for a password: I leave the password fields empty when creating a wallet. It then tells me it is empty and asks if I want to use that, to which I answer Yes. Done. You have to use the Classic Blowfish choic, btw.

knurpht · September 12, 2025, 1:10am

Known MO, but like you suspect, 100% unsafe.

NebulaFox · September 12, 2025, 11:29pm

On automatic login, It’s whatever is installed by default. I just assume I log in and KWallet would be unlocked.

knurpht · September 13, 2025, 12:17am

Yours seems to be pam_kwallet5, where I have

i  | pam_kwallet6             | A PAM Module for KWallet signing           | pakket
i  | pam_kwallet6-32bit       | A PAM Module for KWallet signing           | pakket
i  | pam_kwallet6-common      | Support files for the KWallet PAM module   | pakket

IIRC the KDE userbase docs say, that your kwallet password needs to be the exact same as your user password.

arvidjaar · September 13, 2025, 6:19am

It is impossible to automatically unlock KWallet in this case.

And where KWallet is supposed to get the password from when user never enters it on logon?

NebulaFox · September 13, 2025, 12:40pm

How do I go about changing it? There is a huge comment in the pam files that say they’ll be overwritten by pam-config, and it doesn’t appear that pam-config has a --kwallet6 option?

arvidjaar · September 13, 2025, 12:47pm

There is nothing to change. The PAM module name is not required to be the same as the package name.

knurpht · September 13, 2025, 2:16pm

Missed the “Automatic login” part. That said, and absolutely not my wish to ever happen, in a chat with one of the KDE devs last year at oSC24 I was told that it is technically possible, but would create a gigantic security risk.
FWIW Andrei: You will not find one single install that I performed by yours truly that has autologin enabled. Nor any install where the root password == user password.

NebulaFox · September 13, 2025, 10:11pm

I am very confused now. So on my previous openSuse installation, I assume that KWallet was setup in such a way that it would be open on login. Is that not the case?

knurpht · September 13, 2025, 11:18pm

Most likely you left the kWallet Blowfish password empty.

system · September 20, 2025, 11:18pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.