Arch Linux

smsxgli

Member

Registered: 2020-02-18

Posts: 7

Cannot unlock KWallet automatically without display manager[SOLVED]

I'm using xorg-xinit to start plasma instead of any display manager. Following the Arch Wiki, I haved installed kwallet-pam, added two line to the /etc/pam.d/login file, and it looks as follow:

#%PAM-1.0

auth       required     pam_securetty.so
auth       requisite    pam_nologin.so
auth       include      system-local-login
auth       optional     pam_kwallet5.so

account    include      system-local-login

session    include      system-local-login
session    optional     pam_kwallet5.so auto_start 

I'm sure I have created a wallet named kdewallet and this wallet is the only one. It's password is the same as the current user password, and it use standard blowfish encryption.
What's more, I am not using auto login.

But after reboot, I still have to unlock KWallet manually. What else should I do?

output of uname -a

Linux arch-thinkpad 5.5.4-1-ck-broadwell #1 SMP PREEMPT Sun, 16 Feb 2020 23:23:31 +0000 x86_64 GNU/Linux

output of journalctl -b | grep kwallet

Feb 18 17:29:50 arch-thinkpad login[467]: pam_kwallet5(login:auth): (null): pam_sm_authenticate
Feb 18 17:29:51 arch-thinkpad login[467]: pam_kwallet5(login:setcred): pam_kwallet5: pam_sm_setcred
Feb 18 17:29:51 arch-thinkpad login[467]: pam_kwallet5(login:session): pam_kwallet5: pam_sm_open_session
Feb 18 17:29:51 arch-thinkpad login[467]: pam_kwallet5(login:session): pam_kwallet5: not a graphical session, skipping. Use force_run parameter to ignore this.
Feb 18 17:29:51 arch-thinkpad login[467]: pam_kwallet5(login:setcred): pam_kwallet5: pam_sm_setcred
Feb 18 17:29:54 arch-thinkpad login[467]: pam_kwallet5(login:setcred): pam_kwallet5: pam_sm_setcred
Feb 18 17:29:54 arch-thinkpad login[467]: pam_kwallet5(login:session): pam_kwallet5: pam_sm_close_session
Feb 18 17:30:01 arch-thinkpad login[446]: pam_kwallet5(login:auth): (null): pam_sm_authenticate
Feb 18 17:30:01 arch-thinkpad login[446]: pam_kwallet5(login:setcred): pam_kwallet5: pam_sm_setcred
Feb 18 17:30:01 arch-thinkpad login[446]: pam_kwallet5(login:session): pam_kwallet5: pam_sm_open_session
Feb 18 17:30:01 arch-thinkpad login[446]: pam_kwallet5(login:session): pam_kwallet5: not a graphical session, skipping. Use force_run parameter to ignore this.
Feb 18 17:30:01 arch-thinkpad login[446]: pam_kwallet5(login:setcred): pam_kwallet5: pam_sm_setcred
Feb 18 17:30:07 arch-thinkpad dbus-daemon[544]: [session uid=1000 pid=544] Activating service name='org.kde.kwalletd5' requested by ':1.11' (uid=1000 pid=566 comm="kded5 ")
Feb 18 17:30:07 arch-thinkpad dbus-daemon[544]: [session uid=1000 pid=544] Successfully activated service 'org.kde.kwalletd5'
Feb 18 17:30:08 arch-thinkpad kwalletd5[748]: Application ' "kded5" ' using kwallet without parent window!

~/.xinitrc:

#!/bin/sh

userresources=$HOME/.Xresources
usermodmap=$HOME/.Xmodmap
sysresources=/etc/X11/xinit/.Xresources
sysmodmap=/etc/X11/xinit/.Xmodmap

# merge in defaults and keymaps

if [ -f $sysresources ]; then







    xrdb -merge $sysresources

fi

if [ -f $sysmodmap ]; then
    xmodmap $sysmodmap
fi

if [ -f "$userresources" ]; then







    xrdb -merge "$userresources"

fi

if [ -f "$usermodmap" ]; then
    xmodmap "$usermodmap"
fi

# start some nice programs

if [ -d /etc/X11/xinit/xinitrc.d ] ; then
 for f in /etc/X11/xinit/xinitrc.d/?*.sh ; do
  [ -x "$f" ] && . "$f"
 done
 unset f
fi

exec startplasma-x11

Thanks!

Last edited by smsxgli (2020-05-04 06:30:03)

Slithery

Administrator

From: Norfolk, UK

Registered: 2013-12-01

Posts: 5,776

Re: Cannot unlock KWallet automatically without display manager[SOLVED]

Post your ~/.xinitrc

---

No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

smsxgli

Member

Registered: 2020-02-18

Posts: 7

Re: Cannot unlock KWallet automatically without display manager[SOLVED]

Post your ~/.xinitrc

Thanks you, and I update my question now.
I just copy it from /etc/X11/xinit/xinitrc and edit the exec lines.

Last edited by smsxgli (2020-02-18 10:25:43)

arojas

Developer

From: Spain

Registered: 2011-10-09

Posts: 2,150

Re: Cannot unlock KWallet automatically without display manager[SOLVED]

Feb 18 17:30:01 arch-thinkpad login[446]: pam_kwallet5(login:session): pam_kwallet5: not a graphical session, skipping. Use force_run parameter to ignore this.

This is quite self-explanatory...

smsxgli

Member

Registered: 2020-02-18

Posts: 7

Re: Cannot unlock KWallet automatically without display manager[SOLVED]

Do you mean should I replace

session    optional     pam_kwallet5.so auto_start

with

session    optional     pam_kwallet5.so force_run

or with

session    optional     pam_kwallet5.so auto_start force_run

I have tried both, but still does not work. I would like to post the related system log later.

smsxgli

Member

Registered: 2020-02-18

Posts: 7

Re: Cannot unlock KWallet automatically without display manager[SOLVED]

Do you mean should I replace

session    optional     pam_kwallet5.so auto_start

with

session    optional     pam_kwallet5.so force_run

or with

session    optional     pam_kwallet5.so auto_start force_run

I have tried both, but still does not work. I would like to post the related system log later.

This is new /etc/pam.d/login

#%PAM-1.0

auth       required     pam_securetty.so
auth       requisite    pam_nologin.so
auth       include      system-local-login

auth       optional     pam_kwallet5.so

account    include      system-local-login

session    include      system-local-login

session    optional     pam_kwallet5.so auto_start force_run

And the output of journalctl -b | grep kwallet

Feb 19 13:19:37 arch-thinkpad login[438]: pam_kwallet5(login:auth): (null): pam_sm_authenticate
Feb 19 13:19:37 arch-thinkpad login[438]: pam_kwallet5(login:setcred): pam_kwallet5: pam_sm_setcred
Feb 19 13:19:37 arch-thinkpad kernel: audit: type=1105 audit(1582089577.805:38): pid=438 uid=0 auid=1000 ses=1 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_unix,pam_permit,pam_mail,pam_systemd,pam_env,pam_kwallet5 acct="smsxgli" exe="/usr/bin/login" hostname=arch-thinkpad addr=? terminal=tty1 res=success'
Feb 19 13:19:37 arch-thinkpad audit[438]: USER_START pid=438 uid=0 auid=1000 ses=1 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_unix,pam_permit,pam_mail,pam_systemd,pam_env,pam_kwallet5 acct="smsxgli" exe="/usr/bin/login" hostname=arch-thinkpad addr=? terminal=tty1 res=success'
Feb 19 13:19:37 arch-thinkpad login[438]: pam_kwallet5(login:session): pam_kwallet5: pam_sm_open_session
Feb 19 13:19:37 arch-thinkpad login[473]: pam_kwallet5: final socket path: /run/user/1000/kwallet5.socket
Feb 19 13:19:37 arch-thinkpad login[473]: pam_kwallet5-kwalletd: Couldn't listen in socket
Feb 19 13:19:37 arch-thinkpad login[438]: pam_kwallet5(login:session): pam_kwallet5: Couldn't fork to execv kwalletd
Feb 19 13:19:37 arch-thinkpad login[438]: pam_kwallet5(login:setcred): pam_kwallet5: pam_sm_setcred
Feb 19 13:19:43 arch-thinkpad dbus-daemon[524]: [session uid=1000 pid=524] Activating service name='org.kde.kwalletd5' requested by ':1.10' (uid=1000 pid=548 comm="kded5 ")
Feb 19 13:19:43 arch-thinkpad dbus-daemon[524]: [session uid=1000 pid=524] Successfully activated service 'org.kde.kwalletd5'
Feb 19 13:19:44 arch-thinkpad kwalletd5[670]: Application ' "kded5" ' using kwallet without parent window!

Does this error pam_kwallet5: Couldn't fork to execv kwalletd lead to this unexpected behavior? Or something else?

schenkst

Member

Registered: 2020-02-22

Posts: 1

Re: Cannot unlock KWallet automatically without display manager[SOLVED]

I might have a similar problem with a display manager (sddm). Since a few days i too have to unlock the kwallet manually after login on one of my two arch installations. The other one works fine. Both have identical pam configurations, but the kwalletd seem to be started differently. At the moment it looks to me like a race condition during the start of kde/plasma:

• If kwallet is needed early (because i have automatic connection to wifi enabled) i get the password dialog and kwallet seems to be started via dbus request

• If i disable automatic connection to the wifi the kwallet unlocks just fine

Assuming you also automatically connect to a network via plasma-nm/NetworkManager, can you check whether automatically unlocking the kwallet works for you if you switch the network connection to manual?

smsxgli

Member

Registered: 2020-02-18

Posts: 7

Re: Cannot unlock KWallet automatically without display manager[SOLVED]

I might have a similar problem with a display manager (sddm). Since a few days i too have to unlock the kwallet manually after login on one of my two arch installations. The other one works fine. Both have identical pam configurations, but the kwalletd seem to be started differently. At the moment it looks to me like a race condition during the start of kde/plasma:

• If kwallet is needed early (because i have automatic connection to wifi enabled) i get the password dialog and kwallet seems to be started via dbus request

• If i disable automatic connection to the wifi the kwallet unlocks just fine

Assuming you also automatically connect to a network via plasma-nm/NetworkManager, can you check whether automatically unlocking the kwallet works for you if you switch the network connection to manual?

Yes, I  automatically connect to a network via plasma-nm/NetworkManager.
But saddly, even i disable the automatic connection to wifi, I still have to unlock kwallet manually.
And the system log is the same as before.
For me, SDDM worked fine with kwallet. It automatically unlock with plasma-nm automatically connection.
For the rootless xorg, I give up SDDM

Last edited by smsxgli (2020-02-23 08:15:09)

smsxgli

Member

Registered: 2020-02-18

Posts: 7

Re: Cannot unlock KWallet automatically without display manager[SOLVED]

I might have a similar problem with a display manager (sddm). Since a few days i too have to unlock the kwallet manually after login on one of my two arch installations. The other one works fine. Both have identical pam configurations, but the kwalletd seem to be started differently. At the moment it looks to me like a race condition during the start of kde/plasma:

• If kwallet is needed early (because i have automatic connection to wifi enabled) i get the password dialog and kwallet seems to be started via dbus request

• If i disable automatic connection to the wifi the kwallet unlocks just fine

Assuming you also automatically connect to a network via plasma-nm/NetworkManager, can you check whether automatically unlocking the kwallet works for you if you switch the network connection to manual?

Yes, I  automatically connect to a network via plasma-nm/NetworkManager.
But saddly, even i disable the automatic connection to wifi, I still have to unlock kwallet manually.
And the system log is the same as before.
For me, SDDM worked fine with kwallet. It automatically unlock with plasma-nm automatically connection.
For the rootless xorg, I give up SDDM

Thanks to this answer, as this said, using the patch finally can kwallet unlock from tty automatically.
I wonder how long will the upstream fix this problem

Update
Upstream fixed this problem in kwallet-pam-5.21.0.

Last edited by smsxgli (2021-02-18 01:18:09)