Hi all,
until recently, kwallet worked fine in combination with kwallet-pam: I logged in, and the wallet was unlocked automatically.
Apparently, with some update, it now stopped working: After I login, I have to enter my password so that kwallet in unlocked.
I looked in /etc/pam.d/sddm. There, we have
...
-auth optional pam_kwallet5.so
...
-session optional pam_kwallet5.so auto_start
...
(I never changed anything there)
Also removing the minuses at the pam_kwallet5.so lines doesn't change the behavior: I'm asked to enter a password after logging in. I also tried to delete my wallet and re-create it. Didn't help either.
What happened here? Thanks for all help!
EDIT: Okay, the dashes at the front only suppress logging if the respective module is not present. So this of course changes nothing … I also tried to "force-reset" kwallet by doing
rm -rf ~/.local/share/kwalletd/* ~/.config/kwalletrc and starting over new – same. Kwallet-pam seems to be out of order.
Not a kwallet user, but which kwallet are you running - 5 or 6?
Both world/kwallet5 5.116.0-1 (kf5) and world/kwallet 6.5.0-1 (kf6) are installed.
I also can't remove kwallet5, as it is needed by kio5, which is needed by e.g. Marble etc.
How can I debug this? Nothing appears in syslog, neither can I find something in sddm.log …
If using X you can direct all xorg output to a log file like such:
startx -- -keeptty >~/.local/share/xorg/xorg.log 2>&1
KDE messages will be logged there.
You can fine tune the log level of individual KDE components with kdebugsettings.
If you use it do yourself a favour and save a copy of the current settings before you start changing them.
Edit: either disable sddm while you are doing this or find out how to get sddm to start X in the same fashion.
Correct me if I'm wrong – but if the kwallet-pam mechanism is triggered by an SDDM PAM config file and I bypass SDDM by starting KDE via startx and not via SDDM – won't I also bypass the whole kwallet-pam invocation?
Yeah maybe. I don't use display managers.
As you are quite likely correct configure sddm to pass the same or similar arguments to X.
From a very brief look
seems a likely candidate.
X and SDDM won't start at all with the "keeptty" option set … can I enable some PAM verbose logging maybe?!
Lose the keeptty option then.
I simply copied and pasted (part of) how I autostart X.
The pertinent part is
>~/.local/share/xorg/xorg.log 2>&1
Which is bash's way of saying 'redirect stdout & stderr to the given file.
Maybe this approach won't work with sddm ? I've never tried.
As for debuging PAM. I'm confident you can. But I've never done so myself.
If you type
man pam
in a terminal and then hit Tab you'll see a large list of man pages for PAM and it's modules.
pam_debug pam_syslog & pam_exec might be worth a closer look ?
Hopefully someone who has actually debugged PAM will offer more detailed advice but I know no more than that.
There is another option to workaround the issue.
Change the kwallet default wallet to have an empty password. (This is what I do)
Then you'll never get prompted for it!
Don't trust kwallet for any passwords you care about. imho.
Whether the wallet has a password or not once it gets opened it remains open for the whole session, unless you change the default settings. But if you do you'll be seeing that password prompt pop-up a lot.
And while the wallet is open any application running as your user can read all the passwords from it. Not just that applications own entries. And any one sat at your pc while you make a coffee etc. can see all your passwords through the wallet manager gui.
I've always had it mentally marked down as a annoyance which I don't trust.
Yeah, of course, I don't trust it ;-) I use pass for my real stuff.
But however, e.g. KMail and NetworkManager passwords are stored in KWallet, so I think I have to use it …
With the latest updates (as of today), it works again.
Heaven only knows what may have caused this …