(based on these two blog entries and inspired by Fedora-Blog)
First install pam_kwallet:
sudo zypper in pam_kwallet
Then edit the files /etc/pam.d/passwd, /etc/pam.d/login and /etc/pam.d/sddm as follows, i.e. add the lines beginning with a - and ending with the "# Add this line" comment (the leading hyphen is valid PAM syntax; it reduces log entries if these PAM modules should not exist):
/etc/pam.d/passwd :
#%PAM-1.0
auth include common-auth
-auth optional pam_kwallet5.so kdehome=.local/share # Add this line
account include common-account
password include common-password
session include common-session
/etc/pam.d/login :
#%PAM-1.0
auth requisite pam_nologin.so
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session
#session optional pam_lastlog.so nowtmp showfailed
session optional pam_mail.so standard
-session optional pam_kwallet5.so auto_start # Add this line
/etc/pam.d/sddm :
#%PAM-1.0
-auth optional pam_kwallet5.so kdehome=.local/share # Add this line
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session
-session optional pam_kwallet5.so auto_start # Add this line
Now log out and back in again to check that you no longer have to type in your KWallet password.
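A way to check the edited files before logging out, as an added example that is not part of the original post: the shell function below (the name check_kwallet_pam and the sample file are constructed here) confirms that a PAM service file has a pam_kwallet5.so line for each expected type, that its control flag is optional, and that the session line carries auto_start. It only warns when the leading - is missing.

```shell
#!/bin/sh
# check_kwallet_pam FILE TYPE...   (hypothetical helper, not shipped with pam_kwallet)
# Checks that FILE has a pam_kwallet5.so line for each TYPE (auth, session) in the
# form used above. Prints findings; returns 0 when nothing fails, 1 otherwise.
check_kwallet_pam() {
    file=$1; shift
    awk -v want="$*" '
    /^[ \t]*(#|$)/ { next }                 # skip blank lines and full-line comments
    {
        mod = 0                             # find the module field, ignoring trailing comments
        for (i = 1; i <= NF && $i !~ /^#/; i++)
            if ($i ~ /(^|\/)pam_kwallet5\.so$/) { mod = i; break }
        if (!mod) next
        type = $1
        quiet = sub(/^-/, "", type)         # leading "-": no log entry if the module is absent
        seen[type] = 1
        if (!quiet) print "WARN " type ": no leading -"
        # With "optional", a wallet failure does not decide the result of the stack.
        if (mod != 3 || $2 != "optional") { print "FAIL " type ": control is not optional"; bad = 1 }
        args = " "
        for (i = mod + 1; i <= NF && $i !~ /^#/; i++) args = args $i " "
        if (type == "session" && index(args, " auto_start ") == 0) {
            print "FAIL session: auto_start missing"; bad = 1
        }
    }
    END {
        n = split(want, w, " ")
        for (i = 1; i <= n; i++)
            if (!(w[i] in seen)) { print "FAIL " w[i] ": no pam_kwallet5.so line"; bad = 1 }
        exit bad + 0
    }' "$file"
}

# Constructed sample: the sddm file above with the session line changed to "required".
sample=$(mktemp)
cat > "$sample" <<'EOF'
#%PAM-1.0
-auth optional pam_kwallet5.so kdehome=.local/share # Add this line
auth include common-auth
session include common-session
-session required pam_kwallet5.so auto_start # Add this line
EOF
check_kwallet_pam "$sample" auth session || echo "=> fix the lines flagged above"
rm -f "$sample"
```

For the three files above, call it as check_kwallet_pam /etc/pam.d/passwd auth, check_kwallet_pam /etc/pam.d/login session and check_kwallet_pam /etc/pam.d/sddm auth session.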
So it appears one of the recent Tumbleweed updates added kwallet to the common-* files just as I proposed; however, I don't know if it works yet.
I also noticed this line added to the top of common-password, though I'm not sure by what package.
Seems to work out of the box on Tumbleweed, but since it doesn't have an only_if= it attempts to load it from every other PAM module. Seems to be a lot of "we were already executed" and attempts at pam_sm_open_session on su and sudo modules and such.