LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 02-15-2020, 07:50 AM   #1
gattocarlo
LQ Newbie
 
Registered: Jan 2020
Posts: 24

Rep: Reputation: Disabled
How to use PAM to unlock the KDE wallet in plasma


Some asked how to use PAM to unlock a KDE Wallet, since it seems not to be working out of the box after the recent updates.

This is a brief description of a work around to use until things will be fixed.

Prerequisites: login password and the wallet password must be the same, and the default wallet should be named kdewallet (the default name as far as I understand).

kwallet_pam and sddm-qt5 have some issues. This is how to fix them.

1. kwallet_pam drops pam_kwallet5.so in /usr/lib64/security while PAM presently searches in /lib/security

So mv, cp or ln the module to the new location:

Code:
ln -s /usr/lib64/security/pam_kwallet5.so /lib/security/pam_kwallet5.so
2. kwallet_pam comes with a shell script that will communicate the password to kwalletd5 for unlocking the wallet. This script requires "socat" which is not part of slackware or ktown.

So you need to grab and install it from here:

http://www.dest-unreach.org/socat/

Alternatively you can grab the package and install it from my repository:

http://www.istitutocolli.org/slack/

(EDIT: now the package is available for Alien BOB's ktwon)

3. in order for PAM to actually use pam_kwallet5.so you need to edit /etc/pam.d/sddm:

Change this line:


Code:
auth            include        login
into this one:

Code:
auth            substack        login
(as far as I understand -- I'm new to PAM too -- "include" will prevent the evaluation of the following line if it returns a "done". "substack" does not.

Your wallet should now be unlocked at login time.

Hope this helps.

andrea

Last edited by gattocarlo; 02-16-2020 at 11:34 AM. Reason: I inverted and mispelled the ln arguments... :-(
 
Old 02-16-2020, 11:32 AM   #2
gattocarlo
LQ Newbie
 
Registered: Jan 2020
Posts: 24

Original Poster
Rep: Reputation: Disabled
Alien BOB just updated the ktown repository so now everything works out of the box.

Thanks Alien for your amazing work.

(I'll edit the post above to remove the link to socat in my repo since I'm going to remove the now useless package)
 
3 members found this post helpful.
Old 02-16-2020, 01:31 PM   #3
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,012

Rep: Reputation: 6743Reputation: 6743Reputation: 6743Reputation: 6743Reputation: 6743Reputation: 6743Reputation: 6743Reputation: 6743Reputation: 6743Reputation: 6743Reputation: 6743
Quote:
Originally Posted by gattocarlo View Post
Alien BOB just updated the ktown repository so now everything works out of the box.

Thanks Alien for your amazing work.
Well thanks to you for debugging this and showing me what needed to be done.
 
3 members found this post helpful.
Old 03-11-2020, 12:08 PM   #4
lioh
Member
 
Registered: Aug 2019
Location: Switzerland
Distribution: Slackware
Posts: 131

Rep: Reputation: Disabled
@andrea, I still have to enter the GNOME keyring password (which is the same as my login pw and the keyring is named 'login') after every cold restart of my system. Do you experience the same behavior?

Greetings

Lioh
 
Old 03-11-2020, 01:53 PM   #5
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,012

Rep: Reputation: 6743Reputation: 6743Reputation: 6743Reputation: 6743Reputation: 6743Reputation: 6743Reputation: 6743Reputation: 6743Reputation: 6743Reputation: 6743Reputation: 6743
Quote:
Originally Posted by lioh View Post
@andrea, I still have to enter the GNOME keyring password (which is the same as my login pw and the keyring is named 'login') after every cold restart of my system. Do you experience the same behavior?

Greetings

Lioh
We are talking here about KDE Plasma 5 and the KDE Wallet service. Not the Gnome keyring.
 
Old 03-11-2020, 02:08 PM   #6
lioh
Member
 
Registered: Aug 2019
Location: Switzerland
Distribution: Slackware
Posts: 131

Rep: Reputation: Disabled
Yes, I am using KDE Plasma 5 from your repos and Kwallet works fine. Some applications just require GNOME keyring, and this does not automatically unlock. As Andrea has stated in the comments on your Blog post, the daughter is using both, kwallet and GNOME keyring so I thought this might be the right place to ask. I can also open a new thread for it, of course.
 
Old 03-12-2020, 09:31 AM   #7
gattocarlo
LQ Newbie
 
Registered: Jan 2020
Posts: 24

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by lioh View Post
Yes, I am using KDE Plasma 5 from your repos and Kwallet works fine. Some applications just require GNOME keyring, and this does not automatically unlock. As Andrea has stated in the comments on your Blog post, the daughter is using both, kwallet and GNOME keyring so I thought this might be the right place to ask. I can also open a new thread for it, of course.
sorry I'm coming late but I live in Italy and these are quite messy days... Yes, gnome-keyring is working fine but I had a problem similar to yours. I solved it by using seahorse to delete the default password keyring and recreating it using the login password. I'm not sure if this is related to your problem, though (I did so because I suspected the default keyring was created with a different password even though I was not sure).

Hope this helps,
andrea
 
Old 03-12-2020, 10:11 AM   #8
lioh
Member
 
Registered: Aug 2019
Location: Switzerland
Distribution: Slackware
Posts: 131

Rep: Reputation: Disabled
Dear Andrea,

hope you are doing fine. I had already deleted the default keyring which was called 'Anmeldung' in my case but had the same password as the login pass. I have created a new one named 'login', as suggested in the official docs, but it did not help. Today an update arrived in current, maybe this brings some improvements. Can you tell me how you have named the keyring? I remember that there is also a way to define a keyring to be unlocked on login, but within the seahorse version from SBo I cannot find this options.

Greetings

Lioh
 
Old 03-12-2020, 10:34 AM   #9
gattocarlo
LQ Newbie
 
Registered: Jan 2020
Posts: 24

Original Poster
Rep: Reputation: Disabled
We are doing fine thank you.

I named it "Login" which is the one unlocked on login, as far a as I understand.
 
Old 03-13-2020, 12:52 PM   #10
mumahendras3
Member
 
Registered: Feb 2018
Location: Indonesia
Distribution: Slackware-current with s6 + s6-rc + s6-linux-init
Posts: 54

Rep: Reputation: Disabled
Hi, lioh. I am using the gnome keyring at my system and the auto unlock feature works for me after some modifications to system-auth pam configuration file.
 
Old 05-20-2020, 10:16 AM   #11
gegechris99
Member
 
Registered: Oct 2005
Location: France
Distribution: Slackware current 64bit
Posts: 967
Blog Entries: 5

Rep: Reputation: 181Reputation: 181
Quote:
Originally Posted by gattocarlo View Post
Prerequisites: login password and the wallet password must be the same, and the default wallet should be named kdewallet (the default name as far as I understand).
I use KDE wallet on KDE5 to store my wireless connection credentials. My kdewallet password is my GPG passphrase and, because of that and after updating to latest Current (with PAM), automatic unlocking upon login didn't work. I was bothered at each login by a prompt asking me to enter my GPG passphrase. I really don't need to open KDE wallet at login because I use my wireless connection on an as-needed basis (default connection is wired).

To avoid this behaviour without removing kwallet-pam package, I found the following solution.

I created a desktop file with the same name as the one contained in kwallet-pam package and stored it in ~/.config/autostart. The file content is:
Code:
$ cat ~/.config/autostart/pam_kwallet_init.desktop 
Hidden=true
Hope this helps.

Last edited by gegechris99; 05-20-2020 at 10:32 AM. Reason: remove reference to the solution as a way to disable autostarted programs. This is not correct
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: How to Lock and Unlock User in Linux How to Lock and Unlock User in Linux LXer Syndicated Linux News 0 11-10-2019 06:21 PM
LXer: Solus Readies KDE Plasma Edition Testing ISO with Latest KDE Plasma 5.14 Desktop LXer Syndicated Linux News 0 10-25-2018 03:03 PM
LXer: KDE Plasma 5.13 Desktop Reaches End of Life, KDE Plasma 5.14 Arrives October 9 LXer Syndicated Linux News 0 09-15-2018 10:30 PM
/etc/pam.d/system-auth-ac vs. /etc/pam.d/password-auth-ac vs. /etc/pam.d/sshd christr Red Hat 2 08-01-2014 07:08 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:25 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration