I’m trying to switch from kubuntu to opensuse tumbleweed because I want more up to date packages. I’ve found out how to make the normal user as admin and not use root password everywhere, but one thing I can’t seem to figure out is how to set the kdewallet on startup. I’ve tried several guides online explaining about pam_kwallet and adding lines to /etc/pam.d/sddm and then reboot. Another one said just keep password blank because i don’t use autologin. But I thought that if I set the kwallet (name of kdewallet) password the same as login password then it should automatically unlock.
Please help me out here, I’m getting pretty annoyed at having to enter the kdewallet password on every boot. But I’d rather not use passwordless kdewallet if possible.
Note that I am not using pam_kwallet. I did use it for a while, but I decided that I prefer the additional security of gpg encryption for kwallet.
Based on my out-of-date experience, pam_kwallet just works. Install it, and all should be good.
However, if you have already configured “kwallet” then you might have done it in a way that is not compatible with pam_kwallet.
It needs: The default wallet name;
blowfish encryption;
password encryption key is your login password.
auto-login is not compatible with this.
If you are using auto-login, then turn that off.
logout from KDE.
Get a command line with CTRL-ALT-F1 (or similar)
Login at the command line
Delete everything in $HOME/.local/share/kwalletd
That sets your kdewallet back to uninitialized defaults. On your next login, pam_kwallet should start working (assuming that you have installed it from the standard repos).
I have this issue also in two TW installs. It used to work but at some point stopped working.
I have done:
Installed: pam_kwallet
The default wallet name “kwallet”. Some say it should be “kdewallet” so I have made that also and set in KDE Wallet settings: “Select wallet to use as default”. Neither works.
chose blowfish encryption when creating wallets
password encryption key is same as my login password.
auto-login is set to off.
I have added lines with “pam_kwallet5.so” and “session optional pam_kwallet5.so auto_start” in “/etc/pam.d/sddm” as many guides suggest. Doesn’t work either if I remove those.
I have tried this also:
logout from KDE.
Get a command line with CTRL-ALT-F1 (or similar)
Login at the command line
Delete everything in $HOME/.local/share/kwalletd
$ se -i kwallet
Loading repository data...
Reading installed packages...
S | Name | Summary | Type
---+--------------------------+------------------------------------------+--------
i+ | kwallet-tools | Safe desktop-wide storage for passwords | package
i+ | kwalletd5 | Safe desktop-wide storage for passwords | package
i+ | kwalletmanager5 | Wallet Management Tool | package
i+ | libkwalletbackend5-5 | Safe desktop-wide storage for passwords | package
i+ | pam_kwallet | A PAM Module for KWallet signing | package
i+ | pam_kwallet-32bit | A PAM Module for KWallet signing | package
i+ | pam_kwallet-common | Support files for the KWallet PAM module | package
i | signon-kwallet-extension | KWallet integration for signon framework | package
$ cat /etc/pam.d/sddm
#%PAM-1.0
auth include common-auth
auth optional pam_kwallet5.so
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session
session optional pam_keyinit.so revoke force
session optional pam_kwallet5.so auto_start
I installed pam_kwallet. I did this at the same time as some other updates. So I rebooted after the install.
On reboot, I used CTRL-ALT-F1 to get to a command line, and I logged in at the command line.
From that command line, I removed “.config/kwalletrc” and “.local/share/kwalletd/*”
Actually, I didn’t remove those files – I moved them to a different directory so that I can restore them at a later time.
I then logged out at the command line, used CTRL-ALT-F7 to get to a GUI login, and I logged in there. And kdewallet just worked. I tested it with ssh-add, which brought up “ksshaskpass” and that did not prompt for a kdewallet password. I told it to save the ssh-add password key. And, on a later login, ssh-add for the same key worked silently using the key from kdewallet.
I then switched to using “lightdm” for logins. And pam_kwallet stopped working. When I tested with “ssh-add”, I was prompted to open kdewallet (I used my login password for that). Switching back to SDDM, everything worked again.
I should all that I do not use auto-login. If you are using auto-login, then pam_kwallet cannot work. That’s because the whole point of pam_kwallet is to open your wallet using your login password. But if you login without password, it cannot do that.
% cat sddm
#%PAM-1.0
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session