Kwallet MIA

Kontact can’t start either my ISP or blog emails. It demanded Gmail login details including a confirmation code but still can’t send or receive. Kwallet manager comes up blank, System Settings / Account Details takes a long time to load and shows no wallet to select as default. I have tried creating a new wallet with both but neither succeeds. Doing anything here takes a long time but to no effect. Wallet manager becomes unresponsive.
If in Kmail “Sending” I try to re-insert a password I get a “Kwallet not available” message. On the “Receiving” tab they are marked as “Empty password” but “Modify” is inert, as is “Restart”. I don’t really want Kwallet to control my Kmail logon but there seems no way round it. How do I get it working again?

No.
Storing passwords as plain text in the config files has been removed for security reasons.

How do I get it working again?

Did you disable kwallet maybe?
That did cause such symptoms as you describe in the past.
You should be able to enable it again in systemsettings5->Acount Details->KDE Wallet, make sure the checkbox in front of “Enable the KDE wallet subsystem” is ticked.
Or delete .config/kwalletrc.

Although, the problem with kwalletmanager becoming unresponsive if kwallet is disabled should actually be fixed in kwalletmanager5 (not in the 4.x version though I think).
How exactly do you run it? Maybe you do use the KDE4 version? (you could actually uninstall it as it is no longer needed/useful, the package is kwalletmanager)

This happened when I logged on this morning. I have done nothing to kwallet.
In System Settings/Account Details/KDE (a) Wallet Configuration “Enable the KDE wallet subsystem” is checked, but no wallet is available to be selected as default. If I try to create a new wallet it is not created and System Settings freezes. If I try to close it I get a warning “Application “systemsettings” is not responding” message.

I have tried renaming kwalletrc to kwalletrc_old, so far to no effect.

KDE 5 - only kwalletmanager5 is installed.

I tried opening Kontact again, took at least five minutes to come up.

I tried opening kdewallet.kwl and end up back at (a) above.

I’ll see if anything happens when I log on in the morning. Currently past midnight here.

Do you have pam_kwallet installed to automatically unlock kwallet on login?

The latest security fixes apparently cause problems on some systems, a followup update is on the way.
You can install it already from the update-test repo:
http://download.opensuse.org/update/leap/42.3-test/
(or downgrade pam_kwallet to the previous version)

See also:
https://bugzilla.opensuse.org/show_bug.cgi?id=1092047
https://bugzilla.opensuse.org/show_bug.cgi?id=1092093 and
https://bugs.kde.org/show_bug.cgi?id=393856

Correct!!!
Yes, KMail without KWallet is, AFAIK, not on the KMail feature list …
[HR][/HR]Despite that, KMail is, IMHO, a really great product and, IMHO, absolutely wonderful when used as part of the Kontact suite.
[HR][/HR]So, now to your issue:
Read this: <KMail/FAQs Hints and Tips - KDE UserBase Wiki.
And this: <https://docs.kde.org/stable5/en/kdeutils/kwallet5/introduction.html&gt;.

My personal recipe for setting up the KDE KWallet is this:

  1. Create a new “Classic, blowfish encrypted file” named “kdewallet” with an empty password (yes, an empty password for the Wallet itself – it works, the password data contained in that Wallet is encrypted – only those people who have access to your KDE Desktop can view the contents of that Wallet on a physical screen … ).
  2. Use this password wallet to store your E-Mail Account data.
  3. Consider using this password wallet for storing your WLAN access data.
  4. Create another password wallet (with GPG encryption if needed) with a “strong enough” password to store all the other password and connection data you need for other network activities.

Regarding KMail, this is the reference document: <https://docs.kde.org/stable5/en/pim/kmail2/index.html&gt;.

** @Zelator57:**
Yes of course, as Wolfi has indicated, use pam_kwallet to unlock the wallet “kdewallet” at login.
But, AFAIK, the PAM Module for kwallet signing currently only works reliably if the Wallet is encrypted with the “Classic, blowfish encrypted file” setup.

Have you actually read my post which you quote?
I didn’t suggest to use pam_kwallet, I asked whether it is being used. You proabably overlooked the ‘?’ in your quote…

The latest pam_kwallet update seems to break things completely, on some systems at least.

But, AFAIK, the PAM Module for kwallet signing currently only works reliably if the Wallet is encrypted with the “Classic, blowfish encrypted file” setup.

Yes, pam_kwallet only works with “Classic, blowfish encrypted”.

If you use GPG encryption, automatically unlocking the wallet won’t work, but that should not break kwallet completely.

As I wrote already, the “feature” to store passwords as plain text in the config files has been removed years ago, for hopefully obvious reasons.

And there is no point to implement a secure password store in every single (KDE) application (which is not easy to get right anyway), that’s what kwallet is for.

The new update has been released a few minutes ago, so please ignore the part about the update-test repo and just install updates normally.

Looking at what Wolfi and I have been posting, please post the output of " ps -ef | grep -i ‘kwallet’ ".
[HR][/HR]If the KWallet Manager isn’t running, you’ll only see “/usr/bin/kwalletd5”; if the KWallet Manager is running, you’ll also see “/usr/bin/kwalletmanager5”.
[HR][/HR]What I’ve noticed today with a perfectly normal Leap 42.3 system is, for whatever reason KWallet Manager was running but, it didn’t display – nowhere to be found in the KDE Plasma System Tray.

  • I had to “kill -HUP” the KWallet Manager process to get the thing to behave as it should do.

You may have to simply call the KWallet Manager from the KDE Plasma Application Launcher (“Start” - “program starter”) [simply begin typing “kwall” in the search field and it’ll pop up for selection] rather than using the “System Settings” module.

The very first thing to try at the moment is to update the system and reboot.
Anything else is probably just a waste of time.

Again, there has been a bug in the latest pam_kwallet security update that caused exactly such symptoms as described on affected systems, and a followup update to fix that has been released meanwhile.

If that doesn’t help in the OP’s case, further investigation is required of course.

andy@linux-86az:~> ps -ef | grep -i ‘kwallet’
andy 2700 1 0 10:20 ? 00:00:00 /usr/bin/kwalletd5 --pam-login 15 2
andy 4135 4115 0 10:29 pts/0 00:00:00 grep --color=auto -i kwallet

I’ll update and post back.

Thanks.

That implies that you are indeed using pam_kwallet, so the update will hopefully fix your problem.

Yes, yes, to everything posted so far but, there is the possibility that, the contents of the directory “~/.local/share/kwalletd/” are corrupt.

  • Does the output of the CLI command “kwallet-query --list-entries --verbose kdewallet” indicate anything bad and/or unusual?

[HR][/HR]Please, please, do not post the output of ‘kwallet-query’ here – you’ll publicise your Wallet’s contents!!!
[HR][/HR]Please note that, by default, ‘kwallet-query’ displays the contents of the folder “Passwords” – including the contents of the sub-directories “Passwords” and “Pairs”. To investigate the contents of the folders “Form data”, “mailtransports” and “pop3” or “imap” you need to call ‘kwallet-query’ with the option “–folder” ( “-f” ).

The update fixed it. Thanks to all.

Hey Okker!
Good to hear that.
Who’s going to win the Ashes the next time around? :wink: