I recently upgraded from Leap 15.4 to Leap 15.5. Since updating, I have an issue where kwalletd5 stops responding properly.
Right after logging in if I try to use any applications that require the wallet they say waiting for authorization and just timeout. I am never prompted for a wallet password.
If I killall kwalletd5, then a password prompt immediately appears. However, any already running programs that have already initiated an authorization request still timeout and never talk to the new instance.
Eventually this new instance hangs again and must be killed and the cycle repeats.
So I currently 1) login 2) killall kwalletd5 3) then and only then attempt to connect to WiFi (password saved in wallet)
This most frustratingly affects managing NetworkManager in Plasma. I have to log out and log back in whenever I need to connect to a different network or after sleeping my computer. If I could figure out how to kill and relaunch the NetworkManager/Plasma integration then maybe I could get it to use the new kwalletd5 instance after killing it, but that is just a band-aid.
How do I troubleshoot what is going on with kwalletd5?
One change with Leap 15.5, is that “pam_kwallet” is part of a standard install. If you are not using “pam_kwallet”, this might be the cause of your problem.
You can test this by uninstalling “pam_kwallet”. If that breaks something, then you can easily reinstall. If uninstalling fixes your problem, then I would suggest that you also lock “pam_kwallet” so that it isn’t reinstalled at some future update.
An addendum:
If your kwallet password is different from your login password, then you are not using “pam_kwallet”.
If you use GPG encryption for kwallet, then you are not using “pam_kwallet”.
If your system is configured for autologin, so that you don’t present any password to login, then you are not using “pam_kwallet”.
kwallet does support GPG as backend and it results in deadlock requesting passphrase (because GPG attempts to request passphrase from the secret service which is also implemented and provided by kwallet so kwallet ends up waiting for passphrase from GPG while GPG waits for kwallet to provide this passphrase).
That’s gotta be it. Sometimes if I wait then it appears. Sometimes it never appears but maybe I am impatient. When I first upgraded to 15.5 I was definitely more patient at first . I’ll be more patient the next few times and confirm that.
Well this worked fine in Leap 15.4, so that deadlock is definitely a new issue with KDE/GPG/kwallet/etc.
I just checked that when I trigger a GPG password prompt with either kwallet or Git (I use a separate key from the wallet to sign commits) there is not the normal checkbox for remembering the password that saves it in the wallet that comes up in other password prompts in KDE. The prompt to sign a Git commit with my non-wallet GPG key also always comes up instantly. Of course there could be something else happening not represented in the GUI.
Option A (recommended): To prevent GPG from trying to retrieve the passphrase from Secret Service, add the no-allow-external-cache option to ~/.gnupg/gpg-agent.conf. You can either edit the file manually, or run: echo no-allow-external-cache:0:1 | gpgconf --change-options gpg-agent. GPG will prompt the user directly when the key passphrase is needed for the first time.
. I’ll be more patient the next few times and confirm that.