Opensuse 13.1 x86_64
kde 4.11.10 , 14.12 from “kde sc current” and “kde sc current extra” source
i chose to use GPG certificate technology to secure kwallet
then
when logging a window opens asking me the pass phrase of the certificate
i applied this guide for opensuse 13.2 to unlock kwallet by the login process
https://tweakhound.com/2015/03/15/opens … tegration/
this guide is inspired by
https://www.dennogumi.org/2014/04/unlocking-kwallet-with-pam/
unlocking kwallet by login process does not work . something asks for me the pass phrase .
why ?
- opensuse 13.1 ?
- i use GPG certificate technology to secure kwallet ?
thanks
Well, I never used this feature (neither pam_kwallet nor KWallet’s GPG encryption), and I have no idea whether those packages you installed actually work (with KDE 14.12)
But isn’t it unnecessary to enter a password anyway when using GPG encryption? It should just use the configured GPG key (which can be set/changed in KGPG) in that case AIUI.
AFAIK, pam_kwallet can only work if you use the “classic” kwallet method (encryption via password), and the password of the wallet is the same as for your user account. I’m not sure about that though.
While I’m not certain, my assumption is that pam-kwallet requires:
(1) you do not use gpg encryption with kwallet;
(2) the password for kwallet is your login password.
The GPG key is normally encrypted in the gnupg keyring.
On the first use of kwallet, it pops up a “pinentry-qt” request for the passphrase of the gpg key. Thereafter, it should be remembered by gpg-agent until logout. However, this might require setting a long enough time for gpg-agent to retain the key – otherwise you will have to re-enter every few hours.
But isn’t it unnecessary to enter a password anyway when using GPG encryption? It should just use the configured GPG key (which can be set/changed in KGPG) in that case AIUI.
i have no sufficient knowlegde to answer to this .
i only know : when i created a certificate with kgpg then it asks for me to define a password for certificate according to protect any modification of this certificat .
perhaps kwallet use this certificate protect feature as a way to protect the opening of kwallet .
it’s a pity because to switch to classic protect method you must create a new wallet protected by classic method then copied the contents of the wallet to the new wallet . And you decrease the protection .
why i want to use “unlock kwallet by login process” ? Because each time i open a session in the morning at the first pc startup hangouts connection fails with chrome 44 . this pb occurs in the past and fixed at next version . it seems hangouts does not wait a sufficient time for accessing to kwallet . it seems this is a periodical bug .
yes i use same password for login and kwallet
it does not work with “classic” method .
i switched back to “bluefish” method and restore the files “login” and “xdm” in /etc/pam.d/
Isn’t “bluefish” the classic method anyway?
But as I said, I never tried pam_kwallet.
I hope you’d get better answers in your upstream (KDE) thread.
Or maybe ask at https://www.dennogumi.org/2014/04/unlocking-kwallet-with-pam/ (you mentioned it) too, in the comments section.
That guy is even affiliated with openSUSE and part of our KDE team… 
You can have more than one “wallet” in KDE. If you want a wallet to open without asking for a password/phrase (i.e. open automatically when the desktop launches), just delete the password/phrase or leave it blank.