My /home partition is encrypted using dm-crypt. It gets unlocked on login with the help of pam_mount. kwallet-pam doesn't work with this setup. I followed the wiki to set SDDM up in the required way: https://wiki.archlinux.org/index.php/KDE_Wallet#Unlock_KDE_Wallet_automatically_on_login . Still, I need to enter the password to unlock kwallet after I login to the system. I've checked that this problem is indeed caused by dm-crypt-encryption/pam_mount. If I unlock my home partition by logging my user in to, say, tty2, and only after that use SDDM to login to a KDE Plasma session, then kwallet-pam works correctly, and I don't have to enter my password to unlock kwallet upon login. My guess is that kwallet-pam tries to unlock kwallet too early in the login process, before pam_mount finishes unlocking the encrypted /home partition. I use a fully updated Archlinux x64 system. Package versions: kwallet-pam 5.8.1 kwallet 5.30.0 pam 1.3.0 pam_mount 2.16 cryptsetup 1.7.3 sddm 0.14.0 Here is what "cat /etc/pam.d/sddm" returns: #%PAM-1.0 auth include system-login auth optional pam_mount.so auth optional pam_kwallet5.so auth optional pam_kwallet.so kdehome=.kde4 account include system-login password optional pam_mount.so password include system-login session include system-login session optional pam_mount.so session optional pam_kwallet5.so session optional pam_kwallet.so
Peter, are both your kde4 and "kde5" wallets locked after login? I couldn't find a hint in "man pam.d" saying so, and I'm no pam expert, but maybe the order of lines in pam.d/sddm is important. You put both kwallet auth lines before the pam_mount line. Does reordering them make any difference? "man pam.d" doesn't mention dependency management of any other kind, so if reordering doesn't help, there might be no way to get kwallet-pam working reliably in conjunction with pam_mount. But then again, I'm no expert on this...
(In reply to Denis Kurz from comment #1) > Peter, are both your kde4 and "kde5" wallets locked after login? > > I couldn't find a hint in "man pam.d" saying so, and I'm no pam expert, but > maybe the order of lines in pam.d/sddm is important. You put both kwallet > auth lines before the pam_mount line. Does reordering them make any > difference? > > "man pam.d" doesn't mention dependency management of any other kind, so if > reordering doesn't help, there might be no way to get kwallet-pam working > reliably in conjunction with pam_mount. But then again, I'm no expert on > this... Both kwallet4 and kwallet5 are locked if I login straight to KDE from SDDM after booting up the PC. If I login to tty2 beforehand, thus unlocking the /home partition, and only after that login to KDE through SDDM, then both kwallet4 and kwallet5 are unlocked. I've cheked the following ordering of lines in /etc/pam.d/sddm, and I don't see any difference (i.e. the problem persists, in exactly the same fashion): #%PAM-1.0 auth include system-login auth optional pam_kwallet5.so auth optional pam_kwallet.so kdehome=.kde4 auth optional pam_mount.so account include system-login password optional pam_mount.so password include system-login session include system-login session optional pam_kwallet5.so session optional pam_kwallet.so session optional pam_mount.so
Ok, in this case, I'm lost, sorry. I reopen so someone with more insight can review the bug and judge whether it's fixable from our side.
Same problem happens here (encrypted home with ecryptfs), neon packages. Also happend with kde4 (see https://bugs.launchpad.net/ubuntu/+source/pam-kwallet/+bug/1335135).
Same bug here and there is more about it: https://diasporabr.com.br/posts/1629872 https://forum.manjaro.org/t/kwallet-will-not-automatically-unlock-after-encrypting-home-directory/28835
I'm suffering from this bug, too (Manjaro). Is there any way I can help debugging this? It seems pam_gnome_keyring works fine in conjunction with pam_mount, so I suppose there's no inherent reason this shouldn't be fixable...
I'm encountering this issue on Gentoo with 5.14.5. In the Gentoo wiki, there is a suggested workaround involving copying kdewallet.salt to the root partition: https://wiki.gentoo.org/wiki/KDE#KWallet_auto-unlocking It does not work for me, but I may be misunderstanding where it should be copied. (I'm go to try a couple of other locations than I already did.)
(In reply to Erik Quaeghebeur from comment #7) > […], there is a suggested workaround involving copying kdewallet.salt to the > root partition: > > https://wiki.gentoo.org/wiki/KDE#KWallet_auto-unlocking Well, if kdewallet.salt is be copied to its usual location, /home/$USER/.local/share/kwalletd/kdewallet.salt, but without the encrypted home being mounted, then it works for me. So this seems like a viable workaround and may also point to what is going wrong. What happens for me sometimes is that pam_mount fails and I get thrown into an uninitialized Plasma session. For this session, some files are autocreated. Among them kdewallet.kwl and kdewallet.salt in the usual location (as above). It could be that these empty/wrong files are what causes the issue. I haven't tested this yet, as removing them would not be robust against the problem of pam_mount failing sometimes.