Skip to content

Instantly share code, notes, and snippets.

@benediktg

benediktg/pam_kwallet-guide.md

Last active May 14, 2023 14:48
Show Gist options
  • Save benediktg/195f774073e3d85fc22597c094d21bae to your computer and use it in GitHub Desktop.
Save benediktg/195f774073e3d85fc22597c094d21bae to your computer and use it in GitHub Desktop.
Download ZIP
Short guide for pam_kwallet with KDE Plasma 5 on openSUSE
Raw
pam_kwallet-guide.md

(based on these two blog entries and inspired by Fedora-Blog)

First install pam_kwallet:

sudo zypper in pam_kwallet

Then edit the files /etc/pam.d/passwd, /etc/pam.d/login and /etc/pam.d/sddm as follows, i.e. add the lines beginning with a - (the hyphens are valid PAM syntax to reduce log entries if these PAM modules should not exist) and ending with the ### comment:

/etc/pam.d/passwd :

#%PAM-1.0
auth     include        common-auth
-auth optional pam_kwallet5.so kdehome=.local/share  # Add this line
account  include        common-account
password include        common-password
session  include        common-session

/etc/pam.d/login :

#%PAM-1.0
auth     requisite      pam_nologin.so
auth     include        common-auth
account  include        common-account
password include        common-password
session  required       pam_loginuid.so
session  include        common-session
#session  optional       pam_lastlog.so nowtmp showfailed
session  optional       pam_mail.so standard
-session optional pam_kwallet5.so auto_start  # Add this line

/etc/pam.d/sddm :

#%PAM-1.0
-auth optional pam_kwallet5.so kdehome=.local/share  # Add this line
auth     include        common-auth
account  include        common-account
password include        common-password
session  required       pam_loginuid.so
session  include        common-session
-session optional pam_kwallet5.so auto_start  # Add this line

Now log out and in again to see if you do not have to type in your kwallet password.

@miku84
Copy link

miku84 commented Dec 13, 2018

I have also lost a few hours to login at startup to kwallet to have gmailfeed applet connected. Then I found this:

https://www.kubuntuforums.net/showthread.php/73691-Remove-KDE-Wallet
"I just changed the password to empty. kwallet seems far more trouble than it's worth "

That is totally correct and closed my issue :)

@mx1up
Copy link

mx1up commented May 23, 2019

so i finally upgraded from 42.3 to 15.1 (fresh install) and noticed the same as @Trucido . I can confirm that the the wallet now automatically opens (provided you used the same password as user login) without altering any config files. However, sudo no longer works! I suspect this is related to the common-auth and common-password being much broader than editing the sddm file (which, I guess, only applied to gui logins). So in fact, I think the new change into common-* files is not so good because you only ever want to use the kwallet in a gui session (i.e. sddm file)?
But when I open these common files, it says not to change anything since it will be overwritten anyway, so... what now? :)

@solevi
Copy link

solevi commented May 27, 2019

Hi, Same here, not sure how to proceed..

@mx1up
Copy link

mx1up commented May 29, 2019

it appears to be a known bug (libgcrypt related): https://bugzilla.opensuse.org/show_bug.cgi?id=1133808

@aaccioly
Copy link

Just hit the same problem after upgrading to LEAP 15.1 and libgcrypt20-1.8.2-lp151.8.1.

Exact commands to downgrade to v 1.8.2-lp150.5.3.1 and lock the broken version can be found here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment