KDEWallet keeps popping up on prompt

Deedss · December 13, 2020, 6:53pm

Hello,

I’m trying to switch from kubuntu to opensuse tumbleweed because I want more up to date packages. I’ve found out how to make the normal user as admin and not use root password everywhere, but one thing I can’t seem to figure out is how to set the kdewallet on startup. I’ve tried several guides online explaining about pam_kwallet and adding lines to /etc/pam.d/sddm and then reboot. Another one said just keep password blank because i don’t use autologin. But I thought that if I set the kwallet (name of kdewallet) password the same as login password then it should automatically unlock.

Please help me out here, I’m getting pretty annoyed at having to enter the kdewallet password on every boot. But I’d rather not use passwordless kdewallet if possible.

Thank you in advance.

nrickert · December 13, 2020, 7:47pm

Note that I am not using pam_kwallet. I did use it for a while, but I decided that I prefer the additional security of gpg encryption for kwallet.

Based on my out-of-date experience, pam_kwallet just works. Install it, and all should be good.

However, if you have already configured “kwallet” then you might have done it in a way that is not compatible with pam_kwallet.

It needs: The default wallet name;
blowfish encryption;
password encryption key is your login password.
auto-login is not compatible with this.

If you are using auto-login, then turn that off.
logout from KDE.
Get a command line with CTRL-ALT-F1 (or similar)
Login at the command line
Delete everything in $HOME/.local/share/kwalletd

That sets your kdewallet back to uninitialized defaults. On your next login, pam_kwallet should start working (assuming that you have installed it from the standard repos).

iamjiwjr · December 14, 2020, 1:59am

In the settings you can deactivate kde wallet.

remuz · December 31, 2020, 3:51pm

I have this issue also in two TW installs. It used to work but at some point stopped working.

I have done:

Installed: pam_kwallet
The default wallet name “kwallet”. Some say it should be “kdewallet” so I have made that also and set in KDE Wallet settings: “Select wallet to use as default”. Neither works.
chose blowfish encryption when creating wallets
password encryption key is same as my login password.
auto-login is set to off.
I have added lines with “pam_kwallet5.so” and “session optional pam_kwallet5.so auto_start” in “/etc/pam.d/sddm” as many guides suggest. Doesn’t work either if I remove those.

I have tried this also:

logout from KDE.
Get a command line with CTRL-ALT-F1 (or similar)
Login at the command line
Delete everything in $HOME/.local/share/kwalletd

$ se -i kwallet
Loading repository data...
Reading installed packages...

S  | Name                     | Summary                                  | Type
---+--------------------------+------------------------------------------+--------
i+ | kwallet-tools            | Safe desktop-wide storage for passwords  | package
i+ | kwalletd5                | Safe desktop-wide storage for passwords  | package
i+ | kwalletmanager5          | Wallet Management Tool                   | package
i+ | libkwalletbackend5-5     | Safe desktop-wide storage for passwords  | package
i+ | pam_kwallet              | A PAM Module for KWallet signing         | package
i+ | pam_kwallet-32bit        | A PAM Module for KWallet signing         | package
i+ | pam_kwallet-common       | Support files for the KWallet PAM module | package
i  | signon-kwallet-extension | KWallet integration for signon framework | package

$ cat /etc/pam.d/sddm             
#%PAM-1.0
auth     include        common-auth
auth       optional        pam_kwallet5.so
account  include        common-account
password include        common-password
session  required       pam_loginuid.so
session  include        common-session
session  optional       pam_keyinit.so revoke force
session  optional        pam_kwallet5.so auto_start

nrickert · December 31, 2020, 4:15pm

I haven’t tried it in a while. Perhaps I should test again.

In my experience, it just works. But if you have already initialized kdewallet before installing “pam_kwallet” then it might not work.

However, for me it works as long as I am using SDDM or GDM for logins. If I switch to “lightdm” then it does not work.

Maybe I’ll experiment again later today.

nrickert · December 31, 2020, 5:27pm

I just tested pam_kwallet. It works as expected.

I installed pam_kwallet. I did this at the same time as some other updates. So I rebooted after the install.

On reboot, I used CTRL-ALT-F1 to get to a command line, and I logged in at the command line.

From that command line, I removed “.config/kwalletrc” and “.local/share/kwalletd/*”

Actually, I didn’t remove those files – I moved them to a different directory so that I can restore them at a later time.

I then logged out at the command line, used CTRL-ALT-F7 to get to a GUI login, and I logged in there. And kdewallet just worked. I tested it with ssh-add, which brought up “ksshaskpass” and that did not prompt for a kdewallet password. I told it to save the ssh-add password key. And, on a later login, ssh-add for the same key worked silently using the key from kdewallet.

I then switched to using “lightdm” for logins. And pam_kwallet stopped working. When I tested with “ssh-add”, I was prompted to open kdewallet (I used my login password for that). Switching back to SDDM, everything worked again.

I should all that I do not use auto-login. If you are using auto-login, then pam_kwallet cannot work. That’s because the whole point of pam_kwallet is to open your wallet using your login password. But if you login without password, it cannot do that.

remuz · January 1, 2021, 3:53pm

Could you paste content of your /etc/pam.d/sddm?

nrickert · January 1, 2021, 5:57pm

Sure. Here it is.


% cat sddm
#%PAM-1.0
auth     include        common-auth
account  include        common-account
password include        common-password
session  required       pam_loginuid.so
session  include        common-session

remuz · January 3, 2021, 6:48pm

nrickert:

Sure. Here it is.


% cat sddm
#%PAM-1.0
auth     include        common-auth
account  include        common-account
password include        common-password
session  required       pam_loginuid.so
session  include        common-session

Ok thanks. Seems the contents of that file doesn’t yet explain why it doesn’t work for me.

nrickert · January 3, 2021, 7:18pm

Here’s something else you can check:


% grep wallet /etc/pam.d/*
/etc/pam.d/common-auth:auth     optional        pam_kwallet5.so
/etc/pam.d/common-auth-pc:auth  optional        pam_kwallet5.so
/etc/pam.d/common-password:password     optional        pam_kwallet5.so
/etc/pam.d/common-password-pc:password  optional        pam_kwallet5.so
/etc/pam.d/common-session:session       optional        pam_kwallet5.so
/etc/pam.d/common-session-pc:session    optional        pam_kwallet5.so

Those entries were automatically added to the pam configuration when I installed pam_kwallet. But it looks as if you can also add them with

pam-config -a --kwallet5

(run that as root, of course).