In many ways, this is a continuation of bug 92845. Details are available there. A long-standing feature request was for single-sign-on -- where logging in would automatically unlock kwallet. (A very useful feature.) The issue was raised in 2004 with bug 92845 and was finally addressed in 2014. However, about a year later, this feature was removed with the transition to KDE 5. Please bring this feature back! (We already waited a decade!) Reproducible: Always
oh yes please.
With the gnupg backend this may shift towards a pam module to unlock the gpg key similar to pam_ssh [1]. [1] http://www.unix.com/man-page/debian/8/pam_ssh/
Seems that in Kubuntu 15.04 there are some improvements on this feature: I see signon-kwallet-extension and pam-kwallet packages. Is this packages from KDE or Ubuntu developers?
@Murz, I contact the Kubuntu folks first and they said that there wasn't anything they could do: https://bugs.launchpad.net/ubuntu/+source/kubuntu-meta/+bug/1451865 Still, I'd be curious to know about those packages.
Hello Alex, pam-kwallet is still in your scratch repositories. I think pam-kwallet should end in KF5::Wallet framework, into the runtime directory. Do you plan to port it to KF5? Do you need help with that?
I don't have plans (or time) at this very moment, so please feel free to take over.
Created attachment 93611 [details] patch to kf5 kwallet patch to kf5 kwallet, enable pam_kwallet support. codes directly token from kde4.
Created attachment 93612 [details] patch to pam-kwallet git codes. git clone git://anongit.kde.org/scratch/afiestas/pam-kwallet.git And apply this patch. changes: 1, kdehome not needed anymore, since kwalletd store files in ~/.local/share/kwalletd/ 2, Change path of kdewallet.salt accordingly.
pam_kwallet still had some limitions: 1, it only handle wallet named 'kdewallet'. 2, If you had 'kdewallet' created already, need to set the wallet password as same as account password. 3, it did not implement 'pam_sm_chauthtok' currently, that's to say, use 'passwd' utility to change account password, will NOT change 'wallet' password, kwallet still use the old password, you need to change it manually. I checked kwalletd/kwallet codes and found it is REALLY difficult to change runtime kwallet password via pam_sm_chauthtok. kwallet load everything to memory, if password changed via kwalletmanager5, it will sync back via kwallet backend. change 'salt' from outside can not change the password of wallet.
@Cjacker Please keep in mind: Those limitations might be ugly. But the core functionality of pam_kwallet (logging in without typing the password twice) is what people really need! So that should have priority.
@Cjacker I'm not in a position to test your patch, but I may owe you a beer. Thanks for helping out!
(In reply to Cjacker from comment #9) > pam_kwallet still had some limitions: > > 1, it only handle wallet named 'kdewallet'. > > 2, If you had 'kdewallet' created already, need to set the wallet password > as same as account password. > > 3, it did not implement 'pam_sm_chauthtok' currently, that's to say, use > 'passwd' utility to change account password, will NOT change 'wallet' > password, kwallet still use the old password, you need to change it manually. > > I checked kwalletd/kwallet codes and found it is REALLY difficult to change > runtime kwallet password via pam_sm_chauthtok. kwallet load everything to > memory, if password changed via kwalletmanager5, it will sync back via > kwallet backend. change 'salt' from outside can not change the password of > wallet. This one is true. But good news - the replacement KSecrets Service will handle that for you automagically.
See https://git.reviewboard.kde.org/r/124413/
What is the correct configuration in the PAM files to get this working? At least under Gentoo, this doesn't work: https://bugs.gentoo.org/show_bug.cgi?id=561470
(In reply to Manuel Bärenz from comment #14) > What is the correct configuration in the PAM files to get this working? At > least under Gentoo, this doesn't work: > https://bugs.gentoo.org/show_bug.cgi?id=561470 Google: https://www.dennogumi.org/2014/04/unlocking-kwallet-with-pam/
(In reply to Valentin Rusu from comment #15) > (In reply to Manuel Bärenz from comment #14) > > What is the correct configuration in the PAM files to get this working? At > > least under Gentoo, this doesn't work: > > https://bugs.gentoo.org/show_bug.cgi?id=561470 > > Google: > https://www.dennogumi.org/2014/04/unlocking-kwallet-with-pam/ This is for KDE4, and it doesn't work for kwallet5.