SUMMARY When I unlock my screen, I always immediately get a KWallet password prompt. So I effectively have to enter my password twice. I expected the PAM module to take care of that. STEPS TO REPRODUCE 1. Lock your screen. 2. Unlock it. OBSERVED RESULT There's a KWallet prompt asking for my password (saying "kded5" needs it, which is not very informative). EXPECTED RESULT The PAM module should take care of this. SOFTWARE/OS VERSIONS Operating System: Debian GNU/Linux 10 KDE Plasma Version: 5.14.5 Qt Version: 5.11.3 KDE Frameworks Version: 5.54.0 Kernel Version: 4.19.0-5-amd64 OS Type: 64-bit ADDITIONAL INFORMATION
kwallet_pam only handles initial login. You have a setting to close the wallet when you lock the screen enabled. You probably want this off. Given kwallet's only job is to protect a system that's at rest. I struggle to see a use case for closing it when you lock the screen in combination with auto unlock that would provide any security.
> Given kwallet's only job is to protect a system that's at rest. I struggle to see a use case for closing it when you lock the screen in combination with auto unlock that would provide any security. Assuming the attacker grabs my laptop while the screen is locked, it would be nice to know that the wallet is closed and hence nothing can be extracted from RAM. So, disabling auto-close-on-lock would severely degrade security. Auto-open-wallet-on-screen-unlock OTOH does not degrade security as both the screen lock and the walltet are protected by the same password. So, I think there is quite an obvious use-case for this and it would significantly increase security, in particular when the laptop is hardly ever turned off so all the time "at rest" is spent in suspend.
I'm a bit disappointed that I do not even get an answer for suggesting what I think is a rather reasonable use-case.