(based on these two blog entries and inspired by Fedora-Blog)
First install pam_kwallet:
sudo zypper in pam_kwallet
Then edit the files /etc/pam.d/passwd
, /etc/pam.d/login
and /etc/pam.d/sddm
as follows, i.e. add the lines beginning with a -
(the hyphens are valid PAM syntax to reduce log entries if these PAM modules should not exist) and ending with the ### comment
:
/etc/pam.d/passwd :
#%PAM-1.0
auth include common-auth
-auth optional pam_kwallet5.so kdehome=.local/share # Add this line
account include common-account
password include common-password
session include common-session
/etc/pam.d/login :
#%PAM-1.0
auth requisite pam_nologin.so
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session
#session optional pam_lastlog.so nowtmp showfailed
session optional pam_mail.so standard
-session optional pam_kwallet5.so auto_start # Add this line
/etc/pam.d/sddm :
#%PAM-1.0
-auth optional pam_kwallet5.so kdehome=.local/share # Add this line
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session
-session optional pam_kwallet5.so auto_start # Add this line
Now log out and in again to see if you do not have to type in your kwallet password.
Okay I think I finally found a permanent solution. The original proposed solution in this gist maybe worked on older versions of openSUSE but not Leap 42.3 from what I can tell.
First I created a copy of the following files:
Then I created symlinks to preserve the original directory structure
Each file was edited to comment out gnome_keyring and added kwallet5 and kwallet since these substacks are only intended to load the wallet
/etc/pam.d/kwallet-auth :
/etc/pam.d/kwallet-password :
/etc/pam.d/kwallet-session :
then finally, I added each of these new stacks below the existing ones in sddm
/etc/pam.d/sddm :
Result: Success! journalctl logs below, and the default "kdewallet" opens by itself without prompting for password when an app requests to open it. I added kwalletmanager5 to startup so it opens immediately and stays open but it's not really necessary I don't think.
I never had to create any wallets to get the default "kdewallet", but I do remember adding these lines after a fresh install (from arch wiki I think):
~/.config/kwalletrc :
~/.config/kwalletmanager5rc :