Hi all,
I am referring to https://wiki.archlinux.org/title/KDE_Wa … y_on_login.
What I want to achieve is to have autologin in sddm enabled, I have:
❯ sudo cat /etc/sddm.conf.d/kde_settings.conf
[Autologin]
Relogin=false
Session=plasmawayland
User=hypeit
The output of journalctl is:
maj 14 08:35:17 hypeitpc sddm-helper[521]: pam_kwallet5(sddm-autologin:auth): pam_kwallet5: pam_sm_authenticate
maj 14 08:35:17 hypeitpc sddm-helper[521]: pam_kwallet5(sddm-autologin:auth): pam_kwallet5: Couldn't get password (it is empty)
maj 14 08:35:17 hypeitpc sddm-helper[521]: pam_kwallet5(sddm-autologin:auth): pam_kwallet5: Empty or missing password, doing nothing
maj 14 08:35:17 hypeitpc sddm-helper[521]: pam_kwallet5(sddm-autologin:setcred): pam_kwallet5: pam_sm_setcred
maj 14 08:35:17 hypeitpc sddm-helper[521]: pam_kwallet5(sddm-autologin:session): pam_kwallet5: pam_sm_open_session
maj 14 08:35:17 hypeitpc sddm-helper[521]: pam_kwallet5(sddm-autologin:session): pam_kwallet5: open_session called without kwallet5_key
It is because pw is nowhere to be found. I tried using pam_autologin as described in https://wiki.archlinux.org/title/Pam_autologin which is referred to in https://wiki.archlinux.org/title/KDE_Wa … y_on_login.
My question is: Is my reasoning correct? Is it achievable?
If yes, then should I change something here?
❯ sudo grep 'pam_kwallet5.so' /etc/pam.d/*
[sudo] password for hypeit:
/etc/pam.d/sddm:-auth optional pam_kwallet5.so
/etc/pam.d/sddm:-session optional pam_kwallet5.so auto_start
/etc/pam.d/sddm-autologin:-auth optional pam_kwallet5.so
/etc/pam.d/sddm-autologin:-session optional pam_kwallet5.so auto_start
Many thanks in advance
Last edited by hypeit (2023-05-14 08:21:41)
Offline
You can't. For the kwallet integration to work you need to provide the password at some point. If you don't, and want the wallet unlocked indefinitely, that makes the wallet pointless and you could just set an empty wallet password, which means all wallet creds are freely accessible.
Offline
Okay, so if I understand correctly, the /etc/sddm.conf.d/kde_settings.conf just tells sddm to not require any password on login, not to use the one it would potentially have had stored? Am I right on that?
Another thing I just read in the readme of the module is that pam_autologin does not work with sddm but only with tty or gnome keyring, right?
Offline
Yes, if you use autologin in SDDM you can't auto unlock kwallet, as kwallet needs the password you pass to PAM.
FWIW, first time I'm seeing pam_autologin in such a context; if it does cache the PW properly, it should work with kwallet as well.
Last edited by V1del (2023-05-14 12:05:29)
Offline
Any examples on how to use it?
Offline
It's explained in the wiki - at what step do you struggle?
nb. that you'll still have to login once, the login is merely re-used on reboots.
/etc/security/autologin.conf will contain the user that gets auto-logged in and you need to add it to /etc/pam.d/sddm
PSA:
Open a root shell on a different VT and keep that open until you checked that your pam edits didn't lock you out of the system unless you're ready to fix the system from a live distro.
Offline
Okay I must be missing something, I removed
[Autologin]
Relogin=false
Session=plasmawayland
User=hypeit
from kde settings, then enabled pam_autologin, the user login and pw were saved to autologin.conf, then I reenabled autologin in sddm, but the password still does not get passed from pam_autologin to pam_kwallet5 :\
❯ sudo du -sh /etc/security/autologin.conf
[sudo] password for hypeit:
4.0K /etc/security/autologin.conf
❯ sudo ls -lat /etc/security/autologin.conf
-rw------- 1 root root 20 maj 14 15:39 /etc/security/autologin.conf
❯ sudo cat /etc/sddm.conf.d/kde_settings.conf
[Autologin]
Relogin=false
Session=plasmawayland
User=hypeit
[General]
HaltCommand=/usr/bin/systemctl poweroff
RebootCommand=/usr/bin/systemctl reboot
[Theme]
Current=Nordic-darker
[Users]
MaximumUid=60513
MinimumUid=1000
❯ sudo grep -A 1 -n 'pam_autologin.so' /etc/pam.d/*
/etc/pam.d/login:2:auth required pam_autologin.so
/etc/pam.d/login-3-auth required pam_securetty.so
--
/etc/pam.d/sddm:2:auth required pam_autologin.so always
/etc/pam.d/sddm-3--auth optional pam_kwallet5.so
journal shows exactly no difference to when pam autologin was not enabled
journalctl -b | grep pam_autologin
maj 14 15:57:13 hypeitpc dbus-daemon[463]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.service' requested by ':1.63' (uid=0 pid=2275 comm="sudo grep -A 2 pam_autologin.so /etc/pam.d/chage /")
maj 14 15:57:13 hypeitpc sudo[2275]: hypeit : TTY=pts/0 ; PWD=/home/hypeit ; USER=root ; COMMAND=/usr/bin/grep -A 2 pam_autologin.so /etc/pam.d/chage /etc/pam.d/chfn /etc/pam.d/chgpasswd /etc/pam.d/chpasswd /etc/pam.d/chsh /etc/pam.d/crond /etc/pam.d/cups /etc/pam.d/groupadd /etc/pam.d/groupdel /etc/pam.d/groupmems /etc/pam.d/groupmod /etc/pam.d/kde /etc/pam.d/login /etc/pam.d/newusers /etc/pam.d/other /etc/pam.d/passwd /etc/pam.d/polkit-1 /etc/pam.d/runuser /etc/pam.d/runuser-l /etc/pam.d/samba /etc/pam.d/sddm /etc/pam.d/sddm-autologin /etc/pam.d/sddm-greeter /etc/pam.d/shadow /etc/pam.d/sshd /etc/pam.d/su /etc/pam.d/sudo /etc/pam.d/su-l /etc/pam.d/system-auth /etc/pam.d/systemd-user /etc/pam.d/system-local-login /etc/pam.d/system-login /etc/pam.d/system-remote-login /etc/pam.d/system-services /etc/pam.d/useradd /etc/pam.d/userdel /etc/pam.d/usermod /etc/pam.d/vlock
maj 14 15:57:46 hypeitpc dbus-daemon[463]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.service' requested by ':1.64' (uid=0 pid=2312 comm="sudo grep -A 1 -n pam_autologin.so /etc/pam.d/chag")
maj 14 15:57:46 hypeitpc sudo[2312]: hypeit : TTY=pts/0 ; PWD=/home/hypeit ; USER=root ; COMMAND=/usr/bin/grep -A 1 -n pam_autologin.so /etc/pam.d/chage /etc/pam.d/chfn /etc/pam.d/chgpasswd /etc/pam.d/chpasswd /etc/pam.d/chsh /etc/pam.d/crond /etc/pam.d/cups /etc/pam.d/groupadd /etc/pam.d/groupdel /etc/pam.d/groupmems /etc/pam.d/groupmod /etc/pam.d/kde /etc/pam.d/login /etc/pam.d/newusers /etc/pam.d/other /etc/pam.d/passwd /etc/pam.d/polkit-1 /etc/pam.d/runuser /etc/pam.d/runuser-l /etc/pam.d/samba /etc/pam.d/sddm /etc/pam.d/sddm-autologin /etc/pam.d/sddm-greeter /etc/pam.d/shadow /etc/pam.d/sshd /etc/pam.d/su /etc/pam.d/sudo /etc/pam.d/su-l /etc/pam.d/system-auth /etc/pam.d/systemd-user /etc/pam.d/system-local-login /etc/pam.d/system-login /etc/pam.d/system-remote-login /etc/pam.d/system-services /etc/pam.d/useradd /etc/pam.d/userdel /etc/pam.d/usermod /etc/pam.d/vlock
maj 14 16:05:09 hypeitpc dbus-daemon[463]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.service' requested by ':1.70' (uid=0 pid=2974 comm="sudo grep -A 1 -n pam_autologin.so /etc/pam.d/chag")
maj 14 16:05:09 hypeitpc sudo[2974]: hypeit : TTY=pts/0 ; PWD=/home/hypeit ; USER=root ; COMMAND=/usr/bin/grep -A 1 -n pam_autologin.so /etc/pam.d/chage /etc/pam.d/chfn /etc/pam.d/chgpasswd /etc/pam.d/chpasswd /etc/pam.d/chsh /etc/pam.d/crond /etc/pam.d/cups /etc/pam.d/groupadd /etc/pam.d/groupdel /etc/pam.d/groupmems /etc/pam.d/groupmod /etc/pam.d/kde /etc/pam.d/login /etc/pam.d/newusers /etc/pam.d/other /etc/pam.d/passwd /etc/pam.d/polkit-1 /etc/pam.d/runuser /etc/pam.d/runuser-l /etc/pam.d/samba /etc/pam.d/sddm /etc/pam.d/sddm-autologin /etc/pam.d/sddm-greeter /etc/pam.d/shadow /etc/pam.d/sshd /etc/pam.d/su /etc/pam.d/sudo /etc/pam.d/su-l /etc/pam.d/system-auth /etc/pam.d/systemd-user /etc/pam.d/system-local-login /etc/pam.d/system-login /etc/pam.d/system-remote-login /etc/pam.d/system-services /etc/pam.d/useradd /etc/pam.d/userdel /etc/pam.d/usermod /etc/pam.d/vlock
maj 14 16:12:02 hypeitpc dbus-daemon[463]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.service' requested by ':1.76' (uid=0 pid=3724 comm="sudo grep -A 1 -n pam_autologin.so /etc/pam.d/chag")
maj 14 16:12:02 hypeitpc sudo[3724]: hypeit : TTY=pts/0 ; PWD=/home/hypeit ; USER=root ; COMMAND=/usr/bin/grep -A 1 -n pam_autologin.so /etc/pam.d/chage /etc/pam.d/chfn /etc/pam.d/chgpasswd /etc/pam.d/chpasswd /etc/pam.d/chsh /etc/pam.d/crond /etc/pam.d/cups /etc/pam.d/groupadd /etc/pam.d/groupdel /etc/pam.d/groupmems /etc/pam.d/groupmod /etc/pam.d/kde /etc/pam.d/login /etc/pam.d/newusers /etc/pam.d/other /etc/pam.d/passwd /etc/pam.d/polkit-1 /etc/pam.d/runuser /etc/pam.d/runuser-l /etc/pam.d/samba /etc/pam.d/sddm /etc/pam.d/sddm-autologin /etc/pam.d/sddm-greeter /etc/pam.d/shadow /etc/pam.d/sshd /etc/pam.d/su /etc/pam.d/sudo /etc/pam.d/su-l /etc/pam.d/system-auth /etc/pam.d/systemd-user /etc/pam.d/system-local-login /etc/pam.d/system-login /etc/pam.d/system-remote-login /etc/pam.d/system-services /etc/pam.d/useradd /etc/pam.d/userdel /etc/pam.d/usermod /etc/pam.d/vlock
❯ journalctl -b | grep pam_kwallet
maj 14 15:54:52 hypeitpc sddm-helper[515]: pam_kwallet5(sddm-autologin:auth): pam_kwallet5: pam_sm_authenticate
maj 14 15:54:52 hypeitpc sddm-helper[515]: pam_kwallet5(sddm-autologin:auth): pam_kwallet5: Couldn't get password (it is empty)
maj 14 15:54:52 hypeitpc sddm-helper[515]: pam_kwallet5(sddm-autologin:auth): pam_kwallet5: Empty or missing password, doing nothing
maj 14 15:54:52 hypeitpc sddm-helper[515]: pam_kwallet5(sddm-autologin:setcred): pam_kwallet5: pam_sm_setcred
maj 14 15:54:52 hypeitpc sddm-helper[515]: pam_kwallet5(sddm-autologin:session): pam_kwallet5: pam_sm_open_session
maj 14 15:54:52 hypeitpc sddm-helper[515]: pam_kwallet5(sddm-autologin:session): pam_kwallet5: open_session called without kwallet5_key
Maybe it is looking for the pw in sddm-autologin.pam not sddm.pam?
#%PAM-1.0
auth required pam_env.so
auth required pam_faillock.so preauth
auth required pam_shells.so
auth required pam_nologin.so
auth required pam_permit.so
-auth optional pam_gnome_keyring.so
-auth optional pam_kwallet5.so
account include system-local-login
password include system-local-login
session include system-local-login
-session optional pam_gnome_keyring.so auto_start
-session optional pam_kwallet5.so auto_start
Am I misinterpreting something?
Last edited by hypeit (2023-05-14 14:14:37)
Offline
then I reenabled autologin in sddm
Don't.
This bypasses the entire login process.
You want sddm to use pam_autologin.
Offline
That is what I did in my first attempt at 15:57:13.
By then the
[Autologin]
Relogin=false
Session=plasmawayland
User=hypeit
lines were commented out and the pam_autologin.so was enabled in both /etc/pam.d/login and /etc/pam.d/sddm as in
❯ sudo grep -A 1 -n 'pam_autologin.so' /etc/pam.d/*
/etc/pam.d/login:2:auth required pam_autologin.so
/etc/pam.d/login-3-auth required pam_securetty.so
--
/etc/pam.d/sddm:2:auth required pam_autologin.so always
/etc/pam.d/sddm-3--auth optional pam_kwallet5.so
The autologin did not work, since I had to type my password on login which if I understood correctly is to be parsed from /etc/security/autologin.conf, isn't it?
Offline
Are you somehow spellbound to sddm?
If you want to autologin anyway, you could skip the DM, autologin on the console, https://wiki.archlinux.org/title/Getty# … al_console and start your GUI session from there, https://wiki.archlinux.org/title/KDE#From_the_console
Then use pam_autologin w/ pam.d/login and sidestep "how do I make SDDM tap into pam w/o asking me for my password first".
Offline
Okay, you are right, I am leaving it there; after all, it's not so irritating.
I was just curious if it is achievable. Just for someone reading it, I am leaving the config which results in autounlock of kdewallet but being asked for pw on login; maybe it'll save some time for someone else.
❯ ll /etc/security/autologin.conf
-rw------- 1 root root 20 maj 14 17:48 /etc/security/autologin.conf
❯ sudo cat /etc/security/autologin.conf
[sudo] password for hypeit:
\▒.cM9▒˾?B+%
❯ journalctl -b | grep pam_kwallet
maj 14 17:49:44 hypeitpc sddm-helper[596]: pam_kwallet5(sddm:auth): pam_kwallet5: pam_sm_authenticate
maj 14 17:49:44 hypeitpc sddm-helper[596]: pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred
maj 14 17:49:44 hypeitpc sddm-helper[596]: pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session
maj 14 17:49:44 hypeitpc sddm-helper[616]: pam_kwallet5: final socket path: /run/user/1000/kwallet5.socket
❯ journalctl -b | grep pam_autologin
❯ journalctl -b | grep autologin
maj 14 17:50:05 hypeitpc dbus-daemon[478]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.service' requested by ':1.60' (uid=0 pid=1555 comm="sudo cat /etc/security/autologin.conf")
maj 14 17:50:07 hypeitpc sudo[1555]: hypeit : TTY=pts/0 ; PWD=/home/hypeit ; USER=root ; COMMAND=/usr/bin/cat /etc/security/autologin.conf
❯ sudo grep -A 1 -n 'pam_autologin.so' /etc/pam.d/*
/etc/pam.d/login:2:auth required pam_autologin.so
/etc/pam.d/login-3-auth required pam_securetty.so
--
/etc/pam.d/sddm:2:#auth required pam_autologin.so - commented out in second line
/etc/pam.d/sddm-3-auth include system-login
--
/etc/pam.d/sddm-autologin:2:auth required pam_autologin.so
/etc/pam.d/sddm-autologin-3-auth required pam_env.so
Thanks for help anyway
Have a nice day
Last edited by hypeit (2023-05-14 15:59:53)
Offline
Maybe it is looking for the pw in sddm-autologin.pam not sddm.pam?
#%PAM-1.0
auth required pam_env.so
auth required pam_faillock.so preauth
auth required pam_shells.so
auth required pam_nologin.so
auth required pam_permit.so
-auth optional pam_gnome_keyring.so
-auth optional pam_kwallet5.so
account include system-local-login
password include system-local-login
session include system-local-login
-session optional pam_gnome_keyring.so auto_start
-session optional pam_kwallet5.so auto_start
Am I misinterpreting something?
Just FYI, gave it last one shot and it turned out to be the solution.
Once again
Thank you
Offline
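The two checks this thread performs by hand, as an added example that no poster in the thread wrote: which PAM service pam_kwallet5 ran under and whether it logged an empty password, and whether one module precedes another in a service file's auth stack. The function names and sample lines are constructed for illustration (the journal lines are copied from the output quoted above), and `include` lines are not followed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Read journal lines on stdin; print "<pam-service> <outcome>" per service that
# pam_kwallet5 logged under. "no-password" = it reported an empty/missing
# password or key; "ok" = no such message was logged for that service.
kwallet_services() {
    awk '
        match($0, /pam_kwallet5\([^:]+:/) {
            svc = substr($0, RSTART + 13, RLENGTH - 14)   # text between "(" and ":"
            if (!(svc in state)) { state[svc] = "ok"; order[++n] = svc }
            if ($0 ~ /Empty or missing password|without kwallet5_key/)
                state[svc] = "no-password"
        }
        END { for (i = 1; i <= n; i++) print order[i], state[order[i]] }
    '
}

# Exit 0 if, among the active auth lines of PAM file $1, module $2 appears
# before module $3. Commented-out lines are ignored; includes are not expanded.
auth_order_ok() {
    awk -v first="$2" -v second="$3" '
        /^[[:space:]]*#/ { next }
        { type = $1; sub(/^-/, "", type) }   # "-auth": same stack, quiet if module is missing
        type != "auth" { next }
        index($0, first)  && !f { f = NR }
        index($0, second) && !s { s = NR }
        END { exit !(f && s && f < s) }
    ' "$1"
}

# Constructed sample: three of the journal lines quoted in the thread.
sample_journal() {
    cat <<'EOF'
maj 14 15:54:52 hypeitpc sddm-helper[515]: pam_kwallet5(sddm-autologin:auth): pam_kwallet5: Empty or missing password, doing nothing
maj 14 15:54:52 hypeitpc sddm-helper[515]: pam_kwallet5(sddm-autologin:session): pam_kwallet5: open_session called without kwallet5_key
maj 14 17:49:44 hypeitpc sddm-helper[596]: pam_kwallet5(sddm:auth): pam_kwallet5: pam_sm_authenticate
EOF
}

sample_journal | kwallet_services
```

On a live system the same functions take `journalctl -b | kwallet_services` and `auth_order_ok /etc/pam.d/sddm-autologin pam_autologin.so pam_kwallet5.so`.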
\o/
Please always remember to mark resolved threads by editing your initial post's subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.
Offline