Bug 510490

Summary: kwallet-pam fails to unlock wallet if it has non-default name
Product: [Frameworks and Libraries] kwallet-pam Reporter: i.Dark_Templar <idarktemplar>
Component: generalAssignee: Plasma Bugs List <plasma-bugs-null>
Status: REPORTED ---    
Severity: normal CC: idarktemplar, mk.mateng
Priority: NOR    
Version First Reported In: 6.4.5   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description i.Dark_Templar 2025-10-11 12:30:40 UTC 
SUMMARY
If default kwallet name is changed through kwalletmanager, kwallet-pam fails to unlock a wallet on login.

STEPS TO REPRODUCE
1. install kwallet-pam and kwalletmanager
2. change default wallet using kwalletmanager from "kdewallet" to any other wallet, for example, "mywallet". Ensure that this new wallet "mywallet" has password same as "kdewallet".
3. log out and log in again.

OBSERVED RESULT
New default wallet "mywallet" is locked. Password is being asked to get it unlocked. "kdewallet" is also locked.

EXPECTED RESULT
New default wallet "mywallet" is unlocked via kwallet-pam.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: X11
KDE Plasma Version:  6.4.5
KDE Frameworks Version: 6.18.0
Qt Version: 6.9.3

ADDITIONAL INFORMATION
Right on this line:
https://invent.kde.org/plasma/kwallet-pam/-/blob/c8a072e4a9af54589f4b0676fac43d8b4b735105/pam_kwallet.c#L785
"kdewallet" wallet name is hardcoded. If kdewallet.salt is different from mywallet.salt, which it likely is, then login password is hashed with incorrect salt, incorrect result is received for default wallet (which is not "kdewallet" but "mywallet"), and "mywallet" is not unlocked.

To work correctly, kwallet-pam should find and parse user's kwalletrc for "[Wallet]/Default Wallet" value and if it's present use it instead of hardcoded default "kdewallet".
Comment 1 michaelk83 2025-10-11 15:42:37 UTC 
This is a known and documented limitation. See e.g. https://wiki.archlinux.org/title/KDE_Wallet#Unlock_KDE_Wallet_automatically_on_login
(Not saying it can't be changed, but I suspect there was some good reason for it.)