Bug 436442 - kwallet fails to open at login most of the time
Summary: kwallet fails to open at login most of the time
Status: RESOLVED DUPLICATE of bug 433223
Alias: None
Product: plasmashell
Classification: Plasma
Component: general (show other bugs)
Version: 5.22.4
Platform: Fedora RPMs Linux
: VHI normal
Target Milestone: 1.0
Assignee: David Edmundson
URL:
Keywords:
: 445164 (view as bug list)
Depends on:
Blocks:
 
Reported: 2021-05-01 08:45 UTC by Ed Greshko
Modified: 2024-02-17 14:50 UTC (History)
17 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ed Greshko 2021-05-01 08:45:49 UTC
SUMMARY After an upgrade from F33 to F34 kwallet fails to open at login most of the time.


STEPS TO REPRODUCE
1. Create a Wifi connection with secrets stored encrypted for user.
2. Set the connection to auto-connect.
3. logout/login

OBSERVED RESULT  Most of the time when login occurs you're prompted prompted for the kwallet password.


EXPECTED RESULT  The kwallet should be opened automatically via pam on login with no need to enter any password.


SOFTWARE/OS VERSIONS

Linux/KDE Plasma: Fedora release 34 (Thirty Four) 
KDE Frameworks Version: 5.8.0
Qt Version: 5.15.2

ADDITIONAL INFORMATION

journal output

May 01 06:47:05 meimei.greshko.com sddm-helper[2543]: pam_kwallet5(sddm:auth): (null): pam_sm_authenticate
May 01 06:47:05 meimei.greshko.com sddm-helper[2543]: pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred
May 01 06:47:06 meimei.greshko.com sddm-helper[2543]: pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session
May 01 06:47:06 meimei.greshko.com sddm-helper[2564]: pam_kwallet5: final socket path: /run/user/1026/kwallet5.socket
May 01 06:47:06 meimei.greshko.com audit[2543]: USER_START pid=2543 uid=0 auid=1026 ses=2 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_gnome_keyring,pam_kwallet5,pam_umask,pam_lastlog acct="egreshko" exe="/usr/libexec/sddm-helper" hostname=? addr=? terminal=:0 res=success'
May 01 06:47:09 meimei.greshko.com kwalletd5[2565]: Wallet failed to get opened by PAM, error code is -9
May 01 06:47:10 meimei.greshko.com systemd[2548]: app-pam_kwallet_init@autostart.service: Deactivated successfully.
Comment 1 Rajeesh K V 2021-05-11 15:29:46 UTC
Can confirm the bug on 2 different machines, after upgrade to Fedora 34 (which brings Plasma 5.21 AND systemd activated user services).
Comment 2 Jerry Kiely 2021-05-13 00:02:20 UTC
Seeing this on 3 machines after upgrading from F33 to F34.
Comment 3 Jerry Kiely 2021-05-15 10:56:22 UTC
journalctl -b | grep -i kwallet


May 15 11:51:18 pantagruel sddm-helper[3283]: pam_kwallet5(sddm:auth): (null): pam_sm_authenticate
May 15 11:51:18 pantagruel sddm-helper[3283]: pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred
May 15 11:51:19 pantagruel sddm-helper[3283]: pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session
May 15 11:51:19 pantagruel sddm-helper[3309]: pam_kwallet5: final socket path: /run/user/1000/kwallet5.socket
May 15 11:51:19 pantagruel audit[3283]: USER_START pid=3283 uid=0 auid=1000 ses=2 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_gnome_keyring,pam_kwallet5,pam_umask,pam_lastlog acct="jerry" exe="/usr/libexec/sddm-helper" hostname=pantagruel addr=? terminal=/dev/tty1 res=success'
May 15 11:51:21 pantagruel systemd[3288]: Created slice app-dbus\x2d:1.2\x2dorg.kde.kwalletd5.slice.
May 15 11:51:21 pantagruel systemd[3288]: Started dbus-:1.2-org.kde.kwalletd5@0.service.
May 15 11:51:21 pantagruel kwalletd5[3538]: org.kde.kf5.kwindowsystem.kwayland: This compositor does not support the Plasma Window Management interface
May 15 11:51:21 pantagruel kwalletd5[3538]: Application ' "kded5" ' using kwallet without parent window!
May 15 11:51:21 pantagruel systemd[3288]: Starting KWallet PAM Socket Connection...
May 15 11:51:21 pantagruel systemd[3288]: Started KWallet PAM Socket Connection.
May 15 11:51:21 pantagruel sddm[3310]: kwalletd5: Checking for pam module
May 15 11:51:21 pantagruel sddm[3310]: kwalletd5: Got pam-login param
May 15 11:51:21 pantagruel sddm[3310]: kwalletd5: Waiting for hash on 16-
May 15 11:51:21 pantagruel sddm[3310]: kwalletd5: waitingForEnvironment on: 17
May 15 11:51:21 pantagruel sddm[3310]: kwalletd5: client connected
May 15 11:51:21 pantagruel sddm[3310]: kwalletd5: client disconnected
May 15 11:51:22 pantagruel systemd[3288]: app-pam_kwallet_init@autostart.service: Deactivated successfully.
Comment 4 Timothy B 2021-07-08 01:21:30 UTC
This only happens for me immediately after upgrading Plasma, and strange enough, rebooting my system made the issue go away at the next and subsequent logins, i.e. kwallet stops appearing at Plasma startup. When kwallet nags me with its dialog box, my session is unable to automatically connect to my WiFi network without my input.

I got near identical journal logs to comment #3 above when this happens (see below). This has been going on for the past couple of releases now -- I can't remember what version I started getting this behavior.

SYSTEM INFORMATION

Operating System: Manjaro Linux
KDE Plasma Version: 5.22.3
KDE Frameworks Version: 5.83.0
Qt Version: 5.15.2
Kernel Version: 5.12.14-2-MANJARO (64-bit)
Graphics Platform: X11
Processors: 12 × AMD Ryzen 5 1600 Six-Core Processor
Memory: 15.6 GiB of RAM
Graphics Processor: Radeon RX 570 Series

`journalctl -b-1 | grep -i kwallet` OUTPUT

Jul 07 18:47:41 pbngtower1 sddm-helper[1372]: pam_kwallet5(sddm:auth): (null): pam_sm_authenticate
Jul 07 18:47:41 pbngtower1 sddm-helper[1372]: pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred
Jul 07 18:47:41 pbngtower1 sddm-helper[1372]: pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session
Jul 07 18:47:41 pbngtower1 sddm-helper[1375]: pam_kwallet5: final socket path: /run/user/1000/kwallet5.socket
Jul 07 18:47:41 pbngtower1 kernel: audit: type=1105 audit(1625705261.151:104): pid=1372 uid=0 auid=1000 ses=4 subj==unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_unix,pam_permit,pam_mail,pam_systemd,pam_env,pam_kwallet5 acct="pibeng" exe="/usr/lib/sddm/sddm-helper" hostname=? addr=? terminal=:0 res=success'
Jul 07 18:47:41 pbngtower1 audit[1372]: USER_START pid=1372 uid=0 auid=1000 ses=4 subj==unconfined msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_unix,pam_permit,pam_mail,pam_systemd,pam_env,pam_kwallet5 acct="pibeng" exe="/usr/lib/sddm/sddm-helper" hostname=? addr=? terminal=:0 res=success'
Jul 07 18:47:43 pbngtower1 dbus-daemon[1387]: [session uid=1000 pid=1387] Activating service name='org.kde.kwalletd5' requested by ':1.11' (uid=1000 pid=1426 comm="/usr/bin/kded5 ")
Jul 07 18:47:43 pbngtower1 dbus-daemon[1387]: [session uid=1000 pid=1387] Successfully activated service 'org.kde.kwalletd5'
Jul 07 18:47:44 pbngtower1 kwalletd5[1504]: Application ' "kded5" ' using kwallet without parent window!
Jul 07 18:47:46 pbngtower1 plasma_session[1409]: org.kde.plasma.session: Starting autostart service  "/etc/xdg/autostart/pam_kwallet_init.desktop" ("/usr/lib/pam_kwallet_init")
Jul 07 18:47:46 pbngtower1 sddm[1376]: kwalletd5: Checking for pam module
Jul 07 18:47:46 pbngtower1 sddm[1376]: kwalletd5: Got pam-login param
Jul 07 18:47:46 pbngtower1 sddm[1376]: kwalletd5: Waiting for hash on 7-
Jul 07 18:47:46 pbngtower1 sddm[1376]: kwalletd5: waitingForEnvironment on: 8
Jul 07 18:47:46 pbngtower1 sddm[1376]: kwalletd5: client connected
Jul 07 18:47:46 pbngtower1 sddm[1376]: kwalletd5: client disconnected
Comment 5 Timothy B 2021-07-29 21:58:52 UTC
Quick update: Just after upgrading to Plasma 5.22.4, the same old behavior in comment #4 was reproduced, so this behavior basically did not change between 5.22.3 and 5.22.4, at least for me. Journal logs are similar to the above comments, so I won't post them to prevent flooding the ticket with logs.

This really needs to be looked at by KDE developers because it's getting old having to reboot my system twice every single time I get Plasma updated.
Comment 6 David Edmundson 2021-07-29 22:29:10 UTC

*** This bug has been marked as a duplicate of bug 433223 ***
Comment 7 Ed Greshko 2021-07-31 22:19:04 UTC
This bug had been marked as a duplicate of 433223. But it is not.

433223 has been resolved and the fix ported to Fedora 34.  This did not
fix my issue.

On a system reboot, when I login I still need to enter my wallet password to start Wifi connections.  I also need to supply my password on other logins for chrome to access the wallet.

The journal shows the following on the first login.

[egreshko@meimei ~]$ journalctl -b 0 | grep kwallet
Jul 31 23:53:04 meimei.greshko.com sddm-helper[2611]: pam_kwallet5(sddm:auth): (null): pam_sm_authenticate
Jul 31 23:53:04 meimei.greshko.com sddm-helper[2611]: pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred
Jul 31 23:53:04 meimei.greshko.com sddm-helper[2611]: pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session
Jul 31 23:53:04 meimei.greshko.com sddm-helper[2638]: pam_kwallet5: final socket path: /run/user/1026/kwallet5.socket
Jul 31 23:53:04 meimei.greshko.com audit[2611]: USER_START pid=2611 uid=0 auid=1026 ses=2 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_gnome_keyring,pam_kwallet5,pam_umask,pam_lastlog acct="egreshko" exe="/usr/libexec/sddm-helper" hostname=? addr=? terminal=:0 res=success'
Jul 31 23:53:05 meimei.greshko.com systemd[2618]: Started Unlock kwallet from pam credentials.
Jul 31 23:53:05 meimei.greshko.com kwalletd5[2639]: Wallet failed to get opened by PAM, error code is -9
Jul 31 23:53:08 meimei.greshko.com kwalletd5[2639]: Application ' "kded5" ' using kwallet without parent window!

What is "PAM, error code is -9"?
Comment 8 Nate Graham 2021-07-31 22:27:56 UTC
Is this in the Wayland session only, with the X11 session unaffected? If so, I can confirm. I'm on Fedora 34 and the fix worked for me on X11, but the problem remains on Wayland. Is that the same situation you're in too?
Comment 9 Ed Greshko 2021-07-31 22:34:11 UTC
(In reply to Nate Graham from comment #8)
> Is this in the Wayland session only, with the X11 session unaffected? If so,
> I can confirm. I'm on Fedora 34 and the fix worked for me on X11, but the
> problem remains on Wayland. Is that the same situation you're in too?


I am running X11 only.  I only experiment with wayland from time to time.
So, my issue is in X11.
Comment 10 Timothy B 2021-07-31 22:43:32 UTC
I would like to add that I ran into this bug in X11 too, but I don't think the systemd-based startup feature is enabled in my Plasma setup. Again, this only occurs the very next time I log into Plasma right after updating it to a new version, and it would keep doing that until the next time I reboot.
Comment 11 Jerry Kiely 2021-08-01 09:02:37 UTC
(In reply to Nate Graham from comment #8)
> Is this in the Wayland session only, with the X11 session unaffected? If so,
> I can confirm. I'm on Fedora 34 and the fix worked for me on X11, but the
> problem remains on Wayland. Is that the same situation you're in too?

I'm seeing this on one laptop running a Wayland session exclusively, and on two other laptops that switch between X11 and Wayland sessions, and seeing the issue in each.
Comment 12 Nate Graham 2021-08-02 16:39:59 UTC
Let's stick to discussing one bug in this bug report: the case of KWallet not automatically unlocking when using systemd startup (which is enabled by default on Fedora 34)
Comment 13 Timothy B 2021-08-02 17:43:16 UTC
I just created a separate bug ticket for my scenario in bug #440527. This is to fulfill the focus on Plasma setups using systemd-based startup here, as said in comment #12.
Comment 14 Jerry Kiely 2021-08-02 18:20:14 UTC
(In reply to Jerry Kiely from comment #11)
> (In reply to Nate Graham from comment #8)
> > Is this in the Wayland session only, with the X11 session unaffected? If so,
> > I can confirm. I'm on Fedora 34 and the fix worked for me on X11, but the
> > problem remains on Wayland. Is that the same situation you're in too?
> 
> I'm seeing this on one laptop running a Wayland session exclusively, and on
> two other laptops that switch between X11 and Wayland sessions, and seeing
> the issue in each.

I should have said all three laptops are running Fedora 34, and I am seeing this issue in both X11 and Wayland sessions.
Comment 15 Dennis Schridde 2021-10-01 12:01:57 UTC
I am running into the same issue with:

Operating System: Gentoo Linux 2.8
KDE Plasma Version: 5.22.5
KDE Frameworks Version: 5.86.0
Qt Version: 5.15.2
Kernel Version: 5.14.8 (64-bit)
Graphics Platform: Wayland
Processors: 8 × AMD Ryzen 5 2400G with Radeon Vega Graphics
Memory: 13,5 GiB of RAM
Graphics Processor: AMD Radeon™ Vega 11 Graphics

Sadly I cannot identify the journal entries on my system that others see.
Comment 16 Nate Graham 2021-11-08 23:21:16 UTC
*** Bug 445164 has been marked as a duplicate of this bug. ***
Comment 17 Mohammad Hisham Sayed 2021-11-18 14:36:00 UTC Comment hidden (spam)
Comment 18 David Edmundson 2021-12-05 06:50:57 UTC
>What is "PAM, error code is -9"?

It is
        return i18n("Read error - possibly incorrect password.");
Comment 19 David Edmundson 2021-12-05 06:59:19 UTC
> Jul 07 18:47:46 pbngtower1 plasma_session[1409]: org.kde.plasma.session: Starting autostart service  "/etc/xdg/autostart/pam_kwallet_init.desktop" ("/usr/lib/pam_kwallet_init")

This definitely isn't using the systemd startup. Either we have two unrelated bugs or the tag in the title is wrong,
Comment 20 Nate Graham 2022-01-14 21:40:06 UTC
Fixed by the fix for Bug 433223, but then broken again in Bug 448479. You can check that out to follow along with the current status.

*** This bug has been marked as a duplicate of bug 433223 ***