I have an autostart application that requires access to the system kdewallet. After logging in, I am prompted to put in my password again to open the wallet.
I found that the pam_kwallet package was already installed. As for the requirements:
the wallet must not have been previously initiated.
Does this mean I need to delete the wallet? Or that is should not be opened by something else?
The name must be kdewallet.
This is true.
The encryption method must be blowfish.
I am unsure how to check this. I tried creating another wallet and it did not let me choose PGP encryption (something about missing keys) so I assume this is true.
The wallet password must be the same as the login password.
This is true.
I tried uninstalling and reinstalling the package with no change.
I don’t see any settings to automatically open the wallet. In KWalletManager or System Settings.
I found a YouTube video recommending that I set the password to blank. Is this less secure than using my user password with auto-open on login? I am the only user of this computer.
Your autostart application likely runs too early, before KWallet is unlocked by PAM. Does the autostart application have a .desktop file associated with it?
It’s convenience vs security really. A blank wallet password means no encryption at rest, which means anything stored in the wallet is readable by any process running as your user. I have done it in the past too.
Your autostart application likely runs too early, before KWallet is unlocked by PAM. Does the autostart application have a .desktop file associated with it?
Yes, it does. It is located in /home/conley/.config/autostart.
However, I tried removing it and restarting and waiting a few seconds after login. When I opened the application, it still asked to open the kdewallet and I put in my password. How long is PAM expected to take?
The application I’m using is Proton Mail Bridge, and I’m not sure I want to allow any process to get my email authentication.
Or would I be in trouble regardless? Thunderbird saves credentials but doesn’t use kdewallet. If it’s stored in plain text somewhere I suppose I might as well just remove the password.
PAM unlock happens during login and is effectively instantaneous; if you still get prompted after manually starting the app, auto-unlock isn’t happening for some reason.
Are you using SDDM as the display (login) manager? Is auto-login in use?
Thunderbird does not use KWallet by default - it uses it’s own mechanism.
Hi - I also use Proton Bridge, although I am using Gnome which has it’s own password thing which requires a PW rather the the KD one you are talking about.
I found the Proton Bridge misbehaved lots when I had it to auto start as it often timed out & failed to connect with a grc or gpc error I think it is. I settled on remembering to launch it manually before launching my e-mail programme as a solution for that, although on occasions it still fails to connect in time, but I’ve never managed to work out if that is because of stuff going on in the background in Opensuse or if the Proton bridge / server is the culprit. I don’t seem to have to put another password in this way, although wierdly Gnome sometimes asks me to unlock the PW thing twice with 2 separate pop up boxes & sometimes just the one when I start up - not sure why that is maybe after Gnome / OS updates? Not sure if this helps with your issue?
Previously initiated means opened.
kdewallet and blowfish are the default.
Wallet password… Reset as follows:
Open the KWallet Manager, select kdewallet, click the change password button in the top right, try entering your login password to see if it takes it.
If so, log out and in to see if your prompted again.
If not, try changing it to something else, click the File menu and Close All Wallets, then close the the manager., log out and in, repeat this time with your current login password and it should work.
Also check your config check boxes from the Settings menu of the manager > Configure Wallet…
I had my password intentionally set to something other than my login and when I open an app that needs it I was prompted. I wanted the wallet closed until needed and then closed again so that I am prompted every time something wanted in so I know what is trying to access it.
I just changed the password to my login and unchecked the close wallet boxes in the config, logged out and in and it works as you wish… automagically with no prompt when I open apps I know use it.
I hope this helps, please let us know.
Also in the manager is a help button or F1 that will open The KWallet Handbook for details you may not have found in your previous search.
Are you using SDDM as the display (login) manager? Is auto-login in use?
I am using SDDM and not using auto-login. I input password to SDDM to log into Plasma.
I don’t think this is a Proton Mail Bridge issue; disabling the app’s autostart and opening KWalletManager on login, the wallet is closed and has to be opened.
I did all this and unfortunately there is no change.
I checked the Arch wiki and it seems like there is supposed to be a file /etc/pam.d/sddm with configuration, but this file does not exist on my system.
Since pam_kwallet5 should already be present in the common PAM session stack, this isn’t a missing PAM configuration issue. It seems as if the existing wallet was created or rekeyed under different credentials perhaps?
You could try recreating the wallet using the current login password. Logout and do this from a terminal as user…
rm -rf ~/.local/share/kwallet ~/.config/kwallet*
Warning: This will delete your existing wallet and all saved passwords. Only do this if you are okay with losing them.
Log back in to the Plamsa desktop, and when when prompted, create a new wallet named kdewallet and use your login password. This ensures PAM can unlock it automatically in future sessions.
I ran the command from terminal as my user, but there didn’t seem to be any change after logging into Plasma.
I decided to try deleting it in KWalletManager (File > Delete Wallet…) and creating a new one with the same name “kdewallet” and blowfish encryption with my user password.
I’ll have to regenerate some tokens and log back into some stuff, but now… it works!
I’m not really sure how the wallet works but I originally switched to OpenSUSE from Fedora and I just pulled almost my entire user folder over. I’m guessing something didn’t work in the transition.
the wallet must not have been previously initiated
(We’ve all been there).
