View previous topic :: View next topic |
Author |
Message |
msst Apprentice
Joined: 07 Jun 2011 Posts: 259
|
Posted: Sun Dec 20, 2015 5:37 pm Post subject: kde-plasma/kwallet-pam not working? |
|
|
Hi all,
I am trying to set this up so that I do not have to enter the password always twice. Unfortunately plasma5 comes with no config at all for this despite emerging kwallet-pam, as seen from the fact that it installs a single file only.
Code: | >>> Merging kde-plasma/kwallet-pam-5.5.1 to /
--- /lib64/
--- /lib64/security/
>>> /lib64/security/pam_kwallet5.so
>>> Safely unmerging already-installed instance...
|
This way it is not functioning at all of course and there is no mentioning of pam_kwallet5.so in /etc/pam.d, so I tried to hack it myself. This is my pam.d/sddm:
Code: | #%PAM-1.0
auth include system-login
auth optional pam_kwallet5.so
account include system-login
password include system-login
session include system-login
session optional pam_kwallet5.so auto_start
|
And the result in the log files is
Code: | Dec 20 18:09:08 core sddm-helper: pam_kwallet5(sddm:auth): (null): pam_sm_authenticate
Dec 20 18:09:08 core sddm-helper: pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred
Dec 20 18:09:08 core sddm-helper: pam_unix(sddm:session): session opened for user schleusner by (uid=0)
Dec 20 18:09:11 core sddm-helper: pam_ck_connector(sddm:session): nox11 mode, ignoring PAM_TTY :0
Dec 20 18:09:11 core sddm-helper: pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session
Dec 20 18:09:11 core sddm-helper: pam_kwallet5(sddm:session): pam_kwallet5: final socket path: /tmp/kwallet5_schleusner.socket
|
Does not look too bad for me or I at least fail to see the problem, but nevertheless, kwallet pops up at each login and asks for my password the second time.
Is there something misconfigured or is this simply of the many bugs in plasma5?
What I am using here currently is QT-(~)5.5.1 and kde-{M}(~)15.12.0, but I was also trying the git-master-9999 version 2 weeks ago, on which I gave up after it failed to compile in more than 50% of the updates. But the pam_kwallet5 thing didn't work either in that version.
Any ideas? |
|
Back to top |
|
|
wltjr Retired Dev
Joined: 31 Jan 2006 Posts: 73
|
Posted: Wed Dec 30, 2015 5:04 pm Post subject: |
|
|
Looking into this myself, doing as you have done, and getting the exact same output. It seems maybe something is off with the env I tried this via command line, same thing I saw running already.
Code: | $ kwalletd5 --pam-login 9 12
Checking for pam module
Got pam-login
kwalletd: Waiting for hash on 9-
Hash or environment not received
kwalletd5 started
Migration agent starting...
Setting useNewHash to true
Wallet new enough, using new hash |
I will update if I find out anything further, but this is why its not working. |
|
Back to top |
|
|
msst Apprentice
Joined: 07 Jun 2011 Posts: 259
|
Posted: Tue Jan 05, 2016 1:18 am Post subject: |
|
|
Well, I also get basically an endless timeout trying this command
Quote: | kwalletd5: Checking for pam module
kwalletd5: Got pam-login param
kwalletd5: Waiting for hash on 9- |
Then nothing happens. Upon system login it immediately pops up the prompt. Either way, something is not working as expected here. |
|
Back to top |
|
|
wltjr Retired Dev
Joined: 31 Jan 2006 Posts: 73
|
Posted: Tue Jan 05, 2016 4:08 am Post subject: |
|
|
I think I finally got this working. Which log in manager are you using. Have you tried sddm. Its either sddm and/or newer version of kwallet, 5 in tree, ~arch. I will see about installing sddm on my laptop with kwallet slot 4 still and see if it works or not. If not that will confirm updating kwallet fixes it or sddm. I think its kwallet update that is required but could be sddm and some issue with kdm. There is no slot 4 of kwallet-pam, so probably requires kwallet 5. |
|
Back to top |
|
|
wltjr Retired Dev
Joined: 31 Jan 2006 Posts: 73
|
Posted: Wed Jan 06, 2016 2:07 pm Post subject: |
|
|
It seems at this time the kwallet-pam ebuild is bound to kde:5/plasma:5. It needs a use flag or something to allow it to build with kde:4 libraries and stuff. Thus this will never work with kde:4 on gentoo till a USE flag is added and/or kwallet/kwalletmanager is updated to slot :5 with oldwallet USE flag set on kwalletmanager. SDDM or KDM have nothing to do with it as it seems. |
|
Back to top |
|
|
msst Apprentice
Joined: 07 Jun 2011 Posts: 259
|
Posted: Sat Mar 05, 2016 8:56 pm Post subject: |
|
|
Coming back to this, I have here:
x11-misc/sddm
Available versions: (~)0.13.0-r1 (~)0.13.0-r3 {consolekit +pam systemd}
Installed versions: 0.13.0-r3(17:03:33 05.03.2016)(consolekit pam -systemd)
kde-apps/kwalletmanager
Available versions:
(4) 4.14.3(4/4.14) 15.04.3(4/15.04)
(5) (~)15.08.3-r1 (~)15.12.1 (~)15.12.2 {M}(~)15.12.2[1] **15.12.49.9999[1] **9999[1]
{aqua debug doc +handbook minimal}
Installed versions: 15.12.2(5)[1](23:57:29 18.02.2016)(handbook -debug -doc)
kde-apps/signon-kwallet-extension [1]
Available versions: (5) {M}(~)15.12.2 **15.12.49.9999 **9999
{debug}
Installed versions: 15.12.2(5)(23:26:20 18.02.2016)(-debug)
kde-frameworks/kwallet
Available versions: (5) (~)5.17.0(5/5.17) (~)5.18.0(5/5.1 (~)5.19.0(5/5.19) **9999(5/9999)[1]
{debug doc gpg test}
Installed versions: 5.19.0(5)(21:56:38 03.03.2016)(gpg -debug -doc -test)
kde-plasma/kwallet-pam
Available versions: (5) (~)5.4.3-r1 (~)5.5.4 (~)5.5.5 [M](~)5.5.95^m[1] **5.6.49.9999[1] **9999[1]
{debug}
Installed versions: 5.5.5(5)(17:34:42 05.03.2016)(-debug)
As you can see these versions are all clean plasma:5 slot versions. There is no slot 4 version of either kwallet or kwalletmanager installed. This should therefore not be a slot conflict?
It is still not working with 5.5.5, so it seems to me one of the slot5 components is not doing its work... |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Sat Mar 05, 2016 10:08 pm Post subject: |
|
|
Works fine for me, both kde-apps/kwalletd:4 with kde-apps/kwalletd-pam:4 as well as kde-frameworks/kwallet:5 with kde-plasma/kwallet-pam:5. Tested with both KDM as well as SDDM.
Did you check what kind of wallet is actually popping up at startup? |
|
Back to top |
|
|
msst Apprentice
Joined: 07 Jun 2011 Posts: 259
|
Posted: Mon Mar 07, 2016 8:15 pm Post subject: |
|
|
NetworkManager detects the wifi and wants to read the password from the system-default wallet, which has the passwords for the wifi, email etc. from this user.
I have the password to be the same as the user password that I use in sddm to login the user. |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Mon Mar 07, 2016 10:44 pm Post subject: |
|
|
If you rebuild kde-plasma/kwallet-pam:5, what's in the log at the end?
Code: | emerge -1 kde-plasma/kwallet-pam:5 |
|
|
Back to top |
|
|
msst Apprentice
Joined: 07 Jun 2011 Posts: 259
|
Posted: Mon Mar 07, 2016 11:07 pm Post subject: |
|
|
It says that my SDDM - /etc/pam.d/sddm is ...GOOD
Code: | [100%] Linking C shared library pam_kwallet5.so
/usr/bin/cmake -E cmake_link_script CMakeFiles/pam_kwallet5.dir/link.txt --verbose=1
/usr/bin/x86_64-pc-linux-gnu-gcc -fPIC -O2 -march=native -fomit-frame-pointer -pipe -Wl,-O1 -Wl,--as-needed -shared -Wl,-soname,pam_kwallet5.so -o pam_kwallet5.so CMakeFiles/pam_kwallet5.dir/pam_kwallet.c.o -lpam -ldl -lgcrypt -lgpg-error
make[2]: Leaving directory '/var/tmp/portage/kde-plasma/kwallet-pam-5.5.5/work/kwallet-pam-5.5.5_build'
[100%] Built target pam_kwallet5
make[1]: Leaving directory '/var/tmp/portage/kde-plasma/kwallet-pam-5.5.5/work/kwallet-pam-5.5.5_build'
/usr/bin/cmake -E cmake_progress_start /var/tmp/portage/kde-plasma/kwallet-pam-5.5.5/work/kwallet-pam-5.5.5_build/CMakeFiles 0
>>> Source compiled.
>>> Test phase [not enabled]: kde-plasma/kwallet-pam-5.5.5
>>> Install kwallet-pam-5.5.5 into /var/tmp/portage/kde-plasma/kwallet-pam-5.5.5/image/ category kde-plasma
>>> Working in BUILD_DIR: "/var/tmp/portage/kde-plasma/kwallet-pam-5.5.5/work/kwallet-pam-5.5.5_build"
make -j8 install
[100%] Built target pam_kwallet5
Install the project...
-- Install configuration: "Gentoo"
-- Installing: /var/tmp/portage/kde-plasma/kwallet-pam-5.5.5/image/lib64/security/pam_kwallet5.so
>>> Completed installing kwallet-pam-5.5.5 into /var/tmp/portage/kde-plasma/kwallet-pam-5.5.5/image/
strip: x86_64-pc-linux-gnu-strip --strip-unneeded -R .comment -R .GCC.command.line -R .note.gnu.gold-version
lib64/security/pam_kwallet5.so
>>> Installing (1 of 1) kde-plasma/kwallet-pam-5.5.5::gentoo
* checking 1 files for package collisions
>>> Merging kde-plasma/kwallet-pam-5.5.5 to /
--- /lib64/
--- /lib64/security/
>>> /lib64/security/pam_kwallet5.so
>>> Safely unmerging already-installed instance...
No package files given... Grabbing a set.
--- replaced obj /lib64/security/pam_kwallet5.so
--- replaced dir /lib64/security
--- replaced dir /lib64
>>> Regenerating /etc/ld.so.cache...
>>> Original instance of package unmerged safely.
*
* This package enables auto-unlocking of kde-frameworks/kwallet:5.
* List of things to make it work:
* 1. Use same password for login and kwallet
* 2. A display manager with support for PAM
* 3.a Have the following lines in the display manager's pam.d file:
* -auth optional pam_kwallet5.so
* -session optional pam_kwallet5.so auto_start
* 3.b Checking installed DMs...
* SDDM - /etc/pam.d/sddm ...GOOD
*
>>> kde-plasma/kwallet-pam-5.5.5 merged.
|
|
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Mon Mar 07, 2016 11:32 pm Post subject: |
|
|
Could you try with a clean session? (disable session restore on login in systemsettings) |
|
Back to top |
|
|
msst Apprentice
Joined: 07 Jun 2011 Posts: 259
|
Posted: Tue Mar 08, 2016 1:33 am Post subject: |
|
|
You mean Workspace->Start and Shutdown->At login->start with empty session? (I am not using english settings so this is translated)
That is what I use as the session restore does anyway not work with kde:5 applications and virtual desktops (it dumps them all on the desktop no 1 therefore I have it set on empty session). So I always start with a "clean session". |
|
Back to top |
|
|
BT Guru
Joined: 13 Jun 2004 Posts: 318
|
Posted: Sun Apr 10, 2016 7:37 am Post subject: |
|
|
Does kwallet-pam work with wallets using GPG encryption? |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Sun Apr 10, 2016 9:29 am Post subject: |
|
|
It didn't work in the beginning (known limitation), at least, but I don't know if it has changed in the meantime. |
|
Back to top |
|
|
BT Guru
Joined: 13 Jun 2004 Posts: 318
|
Posted: Sun Apr 10, 2016 10:21 am Post subject: |
|
|
That's what I suspected. Previously with KDE 4 I used seperate passwords for login and wallet and I had no issues. However with Plasma 5 I'm always prompted for the wallet password immediately after login. This is very annoying, so I attempted to workaround this by enabling wallet auto-unlocking. Is there anyway to prevent kwallet prompting for the password after login without disabling the kwallet subsystem?
Last edited by BT on Sun Apr 10, 2016 11:06 am; edited 1 time in total |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Sun Apr 10, 2016 10:50 am Post subject: |
|
|
Well, what application is requesting the wallet? |
|
Back to top |
|
|
BT Guru
Joined: 13 Jun 2004 Posts: 318
|
Posted: Sun Apr 10, 2016 11:05 am Post subject: |
|
|
Chromium is the only application that stores passwords in the wallet. The request happens during the splash screen immediately after login, so I don't think it's Chromium. However based on my experience with KDE 4, I believe the actual request is being made by KWalletManager. |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Sun Apr 10, 2016 11:06 am Post subject: |
|
|
The actual password dialog tells you what application wants to access it. |
|
Back to top |
|
|
BT Guru
Joined: 13 Jun 2004 Posts: 318
|
Posted: Sun Apr 10, 2016 11:11 am Post subject: |
|
|
I only get a pinentry passphrase dialog for the GPG key, and it doesn't mention which application is making the request. |
|
Back to top |
|
|
BT Guru
Joined: 13 Jun 2004 Posts: 318
|
Posted: Mon Apr 11, 2016 9:57 am Post subject: |
|
|
I have stoped the pinentry request immediately after login by commenting out the following in /etc/pam.d/sddm:
Code: | -auth optional pam_kwallet5.so
-session optional pam_kwallet5.so auto_start |
Now the pinentry request is only made when I start Chromium, which is how it worked for me in KDE 4.
Last edited by BT on Mon Apr 11, 2016 12:10 pm; edited 1 time in total |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Mon Apr 11, 2016 12:06 pm Post subject: |
|
|
Interesting, so in that case kwallet-pam worked in the exact opposite direction of what it originally intended |
|
Back to top |
|
|
|