509680 – org.freedesktop.impl.portal.desktop.kwallet.service breaks kwallet-pam

Bug 509680 - org.freedesktop.impl.portal.desktop.kwallet.service breaks kwallet-pam

Summary: org.freedesktop.impl.portal.desktop.kwallet.service breaks kwallet-pam

Status:	REPORTED

Alias:	None

Product:	frameworks-kwallet
Classification:	Frameworks and Libraries
Component:	general (other bugs)
Version First Reported In:	6.18.0
Platform:	Other Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Valentin Rusu

URL:
Keywords:	regression

Depends on:
Blocks:

Reported:	2025-09-19 14:29 UTC by Tobias Leupold
Modified:	2025-09-23 01:38 UTC (History)
CC List:	9 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Tobias Leupold 2025-09-19 14:29:40 UTC

Hi all,

since v6.18.0, kwallet ships a file named org.freedesktop.impl.portal.desktop.kwallet.service. The presence of this file breaks automatic wallet unlocking via kwallet-pam. Right after logging in, the user is asked to enter the wallet password, although kwallet-pam is properly set up.

Both downgrading to v6.17.0 and removing said file makes the automatic unlocking work again.

Cf. also the following Artix Linux forum post: https://forum.artixlinux.org/index.php/topic,8676.0.html

Thanks in advance for fixing this!

Cheers, Tobias

Comment 1 Tobias Leupold 2025-09-19 14:40:49 UTC

The bugfix that apparently caused this regression is https://bugs.kde.org/show_bug.cgi?id=508870

Comment 2 michaelk83 2025-09-19 17:50:10 UTC

There's no obvious reason why this file should break kwallet-pam. Only thing I can think of is a race condition between the Secret Portal and PAM, as has been suggested in the linked forum thread. I.e. something launching the wallet via the portal before PAM has a chance to unlock it. But that doesn't sound likely to me.

Comment 3 Tobias Leupold 2025-09-19 18:13:54 UTC

At least, the password dialog appears when it should not. With this file being present, one gets the password dialog after logging in, and simply deleting it makes everything work again as before – same version of kwallet, no downgrade. No password dialog without the file.

Well, maybe kwallet-pam does work, but something queries kwallet before kwallet-pam is able to unlock kwallet, so that the password dialog pops up after logging in. Maybe kwallet-pam does unlock the wallet right after the dialog pops up, but it does pop up – and kwallet-pam's only job is to prevent this.

I would love to help debugging this, if you tell me what to do. I didn't find any logs or anything that could help tracking down what happens under the hood ...

Comment 4 CarlosE 2025-09-23 01:38:50 UTC

I can reproduce this (also on Artix Linux), and a race condition seems like the cause:

Before moving the dbus service file:
$ pgrep -la ksecretd
12886 /usr/bin/ksecretd

After moving the dbus service file:
$ pgrep -la ksecretd
8441 /usr/bin/ksecretd --pam-login 13 14

With `execsnoop' I see ksecretd with --pam-login is started in both cases (as a child of `sddm-helper') but ksecretd forked from dbus-daemon races ahead of it and the one with --pam-login dies.