SUMMARY After an upgrade from F33 to F34 kwallet fails to open at login most of the time. STEPS TO REPRODUCE 1. Create a Wifi connection with secrets stored encrypted for user. 2. Set the connection to auto-connect. 3. logout/login OBSERVED RESULT Most of the time when login occurs you're prompted prompted for the kwallet password. EXPECTED RESULT The kwallet should be opened automatically via pam on login with no need to enter any password. SOFTWARE/OS VERSIONS Linux/KDE Plasma: Fedora release 34 (Thirty Four) KDE Frameworks Version: 5.8.0 Qt Version: 5.15.2 ADDITIONAL INFORMATION journal output May 01 06:47:05 meimei.greshko.com sddm-helper[2543]: pam_kwallet5(sddm:auth): (null): pam_sm_authenticate May 01 06:47:05 meimei.greshko.com sddm-helper[2543]: pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred May 01 06:47:06 meimei.greshko.com sddm-helper[2543]: pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session May 01 06:47:06 meimei.greshko.com sddm-helper[2564]: pam_kwallet5: final socket path: /run/user/1026/kwallet5.socket May 01 06:47:06 meimei.greshko.com audit[2543]: USER_START pid=2543 uid=0 auid=1026 ses=2 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_gnome_keyring,pam_kwallet5,pam_umask,pam_lastlog acct="egreshko" exe="/usr/libexec/sddm-helper" hostname=? addr=? terminal=:0 res=success' May 01 06:47:09 meimei.greshko.com kwalletd5[2565]: Wallet failed to get opened by PAM, error code is -9 May 01 06:47:10 meimei.greshko.com systemd[2548]: app-pam_kwallet_init@autostart.service: Deactivated successfully.
Can confirm the bug on 2 different machines, after upgrade to Fedora 34 (which brings Plasma 5.21 AND systemd activated user services).
Seeing this on 3 machines after upgrading from F33 to F34.
journalctl -b | grep -i kwallet May 15 11:51:18 pantagruel sddm-helper[3283]: pam_kwallet5(sddm:auth): (null): pam_sm_authenticate May 15 11:51:18 pantagruel sddm-helper[3283]: pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred May 15 11:51:19 pantagruel sddm-helper[3283]: pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session May 15 11:51:19 pantagruel sddm-helper[3309]: pam_kwallet5: final socket path: /run/user/1000/kwallet5.socket May 15 11:51:19 pantagruel audit[3283]: USER_START pid=3283 uid=0 auid=1000 ses=2 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_gnome_keyring,pam_kwallet5,pam_umask,pam_lastlog acct="jerry" exe="/usr/libexec/sddm-helper" hostname=pantagruel addr=? terminal=/dev/tty1 res=success' May 15 11:51:21 pantagruel systemd[3288]: Created slice app-dbus\x2d:1.2\x2dorg.kde.kwalletd5.slice. May 15 11:51:21 pantagruel systemd[3288]: Started dbus-:1.2-org.kde.kwalletd5@0.service. May 15 11:51:21 pantagruel kwalletd5[3538]: org.kde.kf5.kwindowsystem.kwayland: This compositor does not support the Plasma Window Management interface May 15 11:51:21 pantagruel kwalletd5[3538]: Application ' "kded5" ' using kwallet without parent window! May 15 11:51:21 pantagruel systemd[3288]: Starting KWallet PAM Socket Connection... May 15 11:51:21 pantagruel systemd[3288]: Started KWallet PAM Socket Connection. May 15 11:51:21 pantagruel sddm[3310]: kwalletd5: Checking for pam module May 15 11:51:21 pantagruel sddm[3310]: kwalletd5: Got pam-login param May 15 11:51:21 pantagruel sddm[3310]: kwalletd5: Waiting for hash on 16- May 15 11:51:21 pantagruel sddm[3310]: kwalletd5: waitingForEnvironment on: 17 May 15 11:51:21 pantagruel sddm[3310]: kwalletd5: client connected May 15 11:51:21 pantagruel sddm[3310]: kwalletd5: client disconnected May 15 11:51:22 pantagruel systemd[3288]: app-pam_kwallet_init@autostart.service: Deactivated successfully.
This only happens for me immediately after upgrading Plasma, and strange enough, rebooting my system made the issue go away at the next and subsequent logins, i.e. kwallet stops appearing at Plasma startup. When kwallet nags me with its dialog box, my session is unable to automatically connect to my WiFi network without my input. I got near identical journal logs to comment #3 above when this happens (see below). This has been going on for the past couple of releases now -- I can't remember what version I started getting this behavior. SYSTEM INFORMATION Operating System: Manjaro Linux KDE Plasma Version: 5.22.3 KDE Frameworks Version: 5.83.0 Qt Version: 5.15.2 Kernel Version: 5.12.14-2-MANJARO (64-bit) Graphics Platform: X11 Processors: 12 × AMD Ryzen 5 1600 Six-Core Processor Memory: 15.6 GiB of RAM Graphics Processor: Radeon RX 570 Series `journalctl -b-1 | grep -i kwallet` OUTPUT Jul 07 18:47:41 pbngtower1 sddm-helper[1372]: pam_kwallet5(sddm:auth): (null): pam_sm_authenticate Jul 07 18:47:41 pbngtower1 sddm-helper[1372]: pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred Jul 07 18:47:41 pbngtower1 sddm-helper[1372]: pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session Jul 07 18:47:41 pbngtower1 sddm-helper[1375]: pam_kwallet5: final socket path: /run/user/1000/kwallet5.socket Jul 07 18:47:41 pbngtower1 kernel: audit: type=1105 audit(1625705261.151:104): pid=1372 uid=0 auid=1000 ses=4 subj==unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_unix,pam_permit,pam_mail,pam_systemd,pam_env,pam_kwallet5 acct="pibeng" exe="/usr/lib/sddm/sddm-helper" hostname=? addr=? terminal=:0 res=success' Jul 07 18:47:41 pbngtower1 audit[1372]: USER_START pid=1372 uid=0 auid=1000 ses=4 subj==unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_unix,pam_permit,pam_mail,pam_systemd,pam_env,pam_kwallet5 acct="pibeng" exe="/usr/lib/sddm/sddm-helper" hostname=? addr=? terminal=:0 res=success' Jul 07 18:47:43 pbngtower1 dbus-daemon[1387]: [session uid=1000 pid=1387] Activating service name='org.kde.kwalletd5' requested by ':1.11' (uid=1000 pid=1426 comm="/usr/bin/kded5 ") Jul 07 18:47:43 pbngtower1 dbus-daemon[1387]: [session uid=1000 pid=1387] Successfully activated service 'org.kde.kwalletd5' Jul 07 18:47:44 pbngtower1 kwalletd5[1504]: Application ' "kded5" ' using kwallet without parent window! Jul 07 18:47:46 pbngtower1 plasma_session[1409]: org.kde.plasma.session: Starting autostart service "/etc/xdg/autostart/pam_kwallet_init.desktop" ("/usr/lib/pam_kwallet_init") Jul 07 18:47:46 pbngtower1 sddm[1376]: kwalletd5: Checking for pam module Jul 07 18:47:46 pbngtower1 sddm[1376]: kwalletd5: Got pam-login param Jul 07 18:47:46 pbngtower1 sddm[1376]: kwalletd5: Waiting for hash on 7- Jul 07 18:47:46 pbngtower1 sddm[1376]: kwalletd5: waitingForEnvironment on: 8 Jul 07 18:47:46 pbngtower1 sddm[1376]: kwalletd5: client connected Jul 07 18:47:46 pbngtower1 sddm[1376]: kwalletd5: client disconnected
Quick update: Just after upgrading to Plasma 5.22.4, the same old behavior in comment #4 was reproduced, so this behavior basically did not change between 5.22.3 and 5.22.4, at least for me. Journal logs are similar to the above comments, so I won't post them to prevent flooding the ticket with logs. This really needs to be looked at by KDE developers because it's getting old having to reboot my system twice every single time I get Plasma updated.
*** This bug has been marked as a duplicate of bug 433223 ***
This bug had been marked as a duplicate of 433223. But it is not. 433223 has been resolved and the fix ported to Fedora 34. This did not fix my issue. On a system reboot, when I login I still need to enter my wallet password to start Wifi connections. I also need to supply my password on other logins for chrome to access the wallet. The journal shows the following on the first login. [egreshko@meimei ~]$ journalctl -b 0 | grep kwallet Jul 31 23:53:04 meimei.greshko.com sddm-helper[2611]: pam_kwallet5(sddm:auth): (null): pam_sm_authenticate Jul 31 23:53:04 meimei.greshko.com sddm-helper[2611]: pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred Jul 31 23:53:04 meimei.greshko.com sddm-helper[2611]: pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session Jul 31 23:53:04 meimei.greshko.com sddm-helper[2638]: pam_kwallet5: final socket path: /run/user/1026/kwallet5.socket Jul 31 23:53:04 meimei.greshko.com audit[2611]: USER_START pid=2611 uid=0 auid=1026 ses=2 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_gnome_keyring,pam_kwallet5,pam_umask,pam_lastlog acct="egreshko" exe="/usr/libexec/sddm-helper" hostname=? addr=? terminal=:0 res=success' Jul 31 23:53:05 meimei.greshko.com systemd[2618]: Started Unlock kwallet from pam credentials. Jul 31 23:53:05 meimei.greshko.com kwalletd5[2639]: Wallet failed to get opened by PAM, error code is -9 Jul 31 23:53:08 meimei.greshko.com kwalletd5[2639]: Application ' "kded5" ' using kwallet without parent window! What is "PAM, error code is -9"?
Is this in the Wayland session only, with the X11 session unaffected? If so, I can confirm. I'm on Fedora 34 and the fix worked for me on X11, but the problem remains on Wayland. Is that the same situation you're in too?
(In reply to Nate Graham from comment #8) > Is this in the Wayland session only, with the X11 session unaffected? If so, > I can confirm. I'm on Fedora 34 and the fix worked for me on X11, but the > problem remains on Wayland. Is that the same situation you're in too? I am running X11 only. I only experiment with wayland from time to time. So, my issue is in X11.
I would like to add that I ran into this bug in X11 too, but I don't think the systemd-based startup feature is enabled in my Plasma setup. Again, this only occurs the very next time I log into Plasma right after updating it to a new version, and it would keep doing that until the next time I reboot.
(In reply to Nate Graham from comment #8) > Is this in the Wayland session only, with the X11 session unaffected? If so, > I can confirm. I'm on Fedora 34 and the fix worked for me on X11, but the > problem remains on Wayland. Is that the same situation you're in too? I'm seeing this on one laptop running a Wayland session exclusively, and on two other laptops that switch between X11 and Wayland sessions, and seeing the issue in each.
Let's stick to discussing one bug in this bug report: the case of KWallet not automatically unlocking when using systemd startup (which is enabled by default on Fedora 34)
I just created a separate bug ticket for my scenario in bug #440527. This is to fulfill the focus on Plasma setups using systemd-based startup here, as said in comment #12.
(In reply to Jerry Kiely from comment #11) > (In reply to Nate Graham from comment #8) > > Is this in the Wayland session only, with the X11 session unaffected? If so, > > I can confirm. I'm on Fedora 34 and the fix worked for me on X11, but the > > problem remains on Wayland. Is that the same situation you're in too? > > I'm seeing this on one laptop running a Wayland session exclusively, and on > two other laptops that switch between X11 and Wayland sessions, and seeing > the issue in each. I should have said all three laptops are running Fedora 34, and I am seeing this issue in both X11 and Wayland sessions.
I am running into the same issue with: Operating System: Gentoo Linux 2.8 KDE Plasma Version: 5.22.5 KDE Frameworks Version: 5.86.0 Qt Version: 5.15.2 Kernel Version: 5.14.8 (64-bit) Graphics Platform: Wayland Processors: 8 × AMD Ryzen 5 2400G with Radeon Vega Graphics Memory: 13,5 GiB of RAM Graphics Processor: AMD Radeon™ Vega 11 Graphics Sadly I cannot identify the journal entries on my system that others see.
*** Bug 445164 has been marked as a duplicate of this bug. ***
even in arch linux how much time will it take to get fixed?
>What is "PAM, error code is -9"? It is return i18n("Read error - possibly incorrect password.");
> Jul 07 18:47:46 pbngtower1 plasma_session[1409]: org.kde.plasma.session: Starting autostart service "/etc/xdg/autostart/pam_kwallet_init.desktop" ("/usr/lib/pam_kwallet_init") This definitely isn't using the systemd startup. Either we have two unrelated bugs or the tag in the title is wrong,
Fixed by the fix for Bug 433223, but then broken again in Bug 448479. You can check that out to follow along with the current status. *** This bug has been marked as a duplicate of bug 433223 ***