Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
kde-plasma/kwallet-pam not working?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
msst
Apprentice
Apprentice


Joined: 07 Jun 2011
Posts: 213

PostPosted: Sun Dec 20, 2015 5:37 pm    Post subject: kde-plasma/kwallet-pam not working? Reply with quote

Hi all,

I am trying to set this up so that I do not have to enter the password always twice. Unfortunately plasma5 comes with no config at all for this despite emerging kwallet-pam, as seen from the fact that it installs a single file only.

Code:
>>> Merging kde-plasma/kwallet-pam-5.5.1 to /
--- /lib64/
--- /lib64/security/
>>> /lib64/security/pam_kwallet5.so
>>> Safely unmerging already-installed instance...


This way it is not functioning at all of course and there is no mentioning of pam_kwallet5.so in /etc/pam.d, so I tried to hack it myself. This is my pam.d/sddm:
Code:
#%PAM-1.0

auth            include         system-login
auth            optional        pam_kwallet5.so
account         include         system-login
password        include         system-login
session         include         system-login
session         optional        pam_kwallet5.so auto_start


And the result in the log files is

Code:
Dec 20 18:09:08 core sddm-helper: pam_kwallet5(sddm:auth): (null): pam_sm_authenticate
Dec 20 18:09:08 core sddm-helper: pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred
Dec 20 18:09:08 core sddm-helper: pam_unix(sddm:session): session opened for user schleusner by (uid=0)
Dec 20 18:09:11 core sddm-helper: pam_ck_connector(sddm:session): nox11 mode, ignoring PAM_TTY :0
Dec 20 18:09:11 core sddm-helper: pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session
Dec 20 18:09:11 core sddm-helper: pam_kwallet5(sddm:session): pam_kwallet5: final socket path: /tmp/kwallet5_schleusner.socket


Does not look too bad for me or I at least fail to see the problem, but nevertheless, kwallet pops up at each login and asks for my password the second time.

Is there something misconfigured or is this simply of the many bugs in plasma5?

What I am using here currently is QT-(~)5.5.1 and kde-{M}(~)15.12.0, but I was also trying the git-master-9999 version 2 weeks ago, on which I gave up after it failed to compile in more than 50% of the updates. But the pam_kwallet5 thing didn't work either in that version.

Any ideas?
Back to top
View user's profile Send private message
wltjr
Retired Dev
Retired Dev


Joined: 31 Jan 2006
Posts: 73

PostPosted: Wed Dec 30, 2015 5:04 pm    Post subject: Reply with quote

Looking into this myself, doing as you have done, and getting the exact same output. It seems maybe something is off with the env I tried this via command line, same thing I saw running already.

Code:
$ kwalletd5 --pam-login 9 12
Checking for pam module
Got pam-login
kwalletd: Waiting for hash on 9-
Hash or environment not received
kwalletd5 started
Migration agent starting...
Setting useNewHash to true
Wallet new enough, using new hash


I will update if I find out anything further, but this is why its not working.
Back to top
View user's profile Send private message
msst
Apprentice
Apprentice


Joined: 07 Jun 2011
Posts: 213

PostPosted: Tue Jan 05, 2016 1:18 am    Post subject: Reply with quote

Well, I also get basically an endless timeout trying this command

Quote:
kwalletd5: Checking for pam module
kwalletd5: Got pam-login param
kwalletd5: Waiting for hash on 9-


Then nothing happens. Upon system login it immediately pops up the prompt. Either way, something is not working as expected here.
Back to top
View user's profile Send private message
wltjr
Retired Dev
Retired Dev


Joined: 31 Jan 2006
Posts: 73

PostPosted: Tue Jan 05, 2016 4:08 am    Post subject: Reply with quote

I think I finally got this working. Which log in manager are you using. Have you tried sddm. Its either sddm and/or newer version of kwallet, 5 in tree, ~arch. I will see about installing sddm on my laptop with kwallet slot 4 still and see if it works or not. If not that will confirm updating kwallet fixes it or sddm. I think its kwallet update that is required but could be sddm and some issue with kdm. There is no slot 4 of kwallet-pam, so probably requires kwallet 5.
Back to top
View user's profile Send private message
wltjr
Retired Dev
Retired Dev


Joined: 31 Jan 2006
Posts: 73

PostPosted: Wed Jan 06, 2016 2:07 pm    Post subject: Reply with quote

It seems at this time the kwallet-pam ebuild is bound to kde:5/plasma:5. It needs a use flag or something to allow it to build with kde:4 libraries and stuff. Thus this will never work with kde:4 on gentoo till a USE flag is added and/or kwallet/kwalletmanager is updated to slot :5 with oldwallet USE flag set on kwalletmanager. SDDM or KDM have nothing to do with it as it seems.
Back to top
View user's profile Send private message
msst
Apprentice
Apprentice


Joined: 07 Jun 2011
Posts: 213

PostPosted: Sat Mar 05, 2016 8:56 pm    Post subject: Reply with quote

Coming back to this, I have here:

x11-misc/sddm
Available versions: (~)0.13.0-r1 (~)0.13.0-r3 {consolekit +pam systemd}
Installed versions: 0.13.0-r3(17:03:33 05.03.2016)(consolekit pam -systemd)

kde-apps/kwalletmanager
Available versions:
(4) 4.14.3(4/4.14) 15.04.3(4/15.04)
(5) (~)15.08.3-r1 (~)15.12.1 (~)15.12.2 {M}(~)15.12.2[1] **15.12.49.9999[1] **9999[1]
{aqua debug doc +handbook minimal}
Installed versions: 15.12.2(5)[1](23:57:29 18.02.2016)(handbook -debug -doc)

kde-apps/signon-kwallet-extension [1]
Available versions: (5) {M}(~)15.12.2 **15.12.49.9999 **9999
{debug}
Installed versions: 15.12.2(5)(23:26:20 18.02.2016)(-debug)

kde-frameworks/kwallet
Available versions: (5) (~)5.17.0(5/5.17) (~)5.18.0(5/5.18) (~)5.19.0(5/5.19) **9999(5/9999)[1]
{debug doc gpg test}
Installed versions: 5.19.0(5)(21:56:38 03.03.2016)(gpg -debug -doc -test)

kde-plasma/kwallet-pam
Available versions: (5) (~)5.4.3-r1 (~)5.5.4 (~)5.5.5 [M](~)5.5.95^m[1] **5.6.49.9999[1] **9999[1]
{debug}
Installed versions: 5.5.5(5)(17:34:42 05.03.2016)(-debug)

As you can see these versions are all clean plasma:5 slot versions. There is no slot 4 version of either kwallet or kwalletmanager installed. This should therefore not be a slot conflict?

It is still not working with 5.5.5, so it seems to me one of the slot5 components is not doing its work...
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 6827
Location: Austria

PostPosted: Sat Mar 05, 2016 10:08 pm    Post subject: Reply with quote

Works fine for me, both kde-apps/kwalletd:4 with kde-apps/kwalletd-pam:4 as well as kde-frameworks/kwallet:5 with kde-plasma/kwallet-pam:5. Tested with both KDM as well as SDDM.

Did you check what kind of wallet is actually popping up at startup?
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
msst
Apprentice
Apprentice


Joined: 07 Jun 2011
Posts: 213

PostPosted: Mon Mar 07, 2016 8:15 pm    Post subject: Reply with quote

NetworkManager detects the wifi and wants to read the password from the system-default wallet, which has the passwords for the wifi, email etc. from this user.

I have the password to be the same as the user password that I use in sddm to login the user.
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 6827
Location: Austria

PostPosted: Mon Mar 07, 2016 10:44 pm    Post subject: Reply with quote

If you rebuild kde-plasma/kwallet-pam:5, what's in the log at the end?

Code:
emerge -1 kde-plasma/kwallet-pam:5

_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
msst
Apprentice
Apprentice


Joined: 07 Jun 2011
Posts: 213

PostPosted: Mon Mar 07, 2016 11:07 pm    Post subject: Reply with quote

It says that my SDDM - /etc/pam.d/sddm is ...GOOD

Code:
[100%] Linking C shared library pam_kwallet5.so
/usr/bin/cmake -E cmake_link_script CMakeFiles/pam_kwallet5.dir/link.txt --verbose=1
/usr/bin/x86_64-pc-linux-gnu-gcc  -fPIC -O2 -march=native -fomit-frame-pointer -pipe   -Wl,-O1 -Wl,--as-needed -shared -Wl,-soname,pam_kwallet5.so -o pam_kwallet5.so CMakeFiles/pam_kwallet5.dir/pam_kwallet.c.o -lpam -ldl -lgcrypt -lgpg-error
make[2]: Leaving directory '/var/tmp/portage/kde-plasma/kwallet-pam-5.5.5/work/kwallet-pam-5.5.5_build'
[100%] Built target pam_kwallet5
make[1]: Leaving directory '/var/tmp/portage/kde-plasma/kwallet-pam-5.5.5/work/kwallet-pam-5.5.5_build'
/usr/bin/cmake -E cmake_progress_start /var/tmp/portage/kde-plasma/kwallet-pam-5.5.5/work/kwallet-pam-5.5.5_build/CMakeFiles 0
>>> Source compiled.
>>> Test phase [not enabled]: kde-plasma/kwallet-pam-5.5.5

>>> Install kwallet-pam-5.5.5 into /var/tmp/portage/kde-plasma/kwallet-pam-5.5.5/image/ category kde-plasma
>>> Working in BUILD_DIR: "/var/tmp/portage/kde-plasma/kwallet-pam-5.5.5/work/kwallet-pam-5.5.5_build"
make -j8 install
[100%] Built target pam_kwallet5
Install the project...
-- Install configuration: "Gentoo"
-- Installing: /var/tmp/portage/kde-plasma/kwallet-pam-5.5.5/image/lib64/security/pam_kwallet5.so
>>> Completed installing kwallet-pam-5.5.5 into /var/tmp/portage/kde-plasma/kwallet-pam-5.5.5/image/

strip: x86_64-pc-linux-gnu-strip --strip-unneeded -R .comment -R .GCC.command.line -R .note.gnu.gold-version
   lib64/security/pam_kwallet5.so

>>> Installing (1 of 1) kde-plasma/kwallet-pam-5.5.5::gentoo
 * checking 1 files for package collisions
>>> Merging kde-plasma/kwallet-pam-5.5.5 to /
--- /lib64/
--- /lib64/security/
>>> /lib64/security/pam_kwallet5.so
>>> Safely unmerging already-installed instance...
No package files given... Grabbing a set.
--- replaced obj /lib64/security/pam_kwallet5.so
--- replaced dir /lib64/security
--- replaced dir /lib64
>>> Regenerating /etc/ld.so.cache...
>>> Original instance of package unmerged safely.
 *
 * This package enables auto-unlocking of kde-frameworks/kwallet:5.
 * List of things to make it work:
 * 1.  Use same password for login and kwallet
 * 2.  A display manager with support for PAM
 * 3.a Have the following lines in the display manager's pam.d file:
 *     -auth        optional        pam_kwallet5.so
 *     -session     optional        pam_kwallet5.so auto_start
 * 3.b Checking installed DMs...
 *     SDDM - /etc/pam.d/sddm ...GOOD
 *
>>> kde-plasma/kwallet-pam-5.5.5 merged.
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 6827
Location: Austria

PostPosted: Mon Mar 07, 2016 11:32 pm    Post subject: Reply with quote

Could you try with a clean session? (disable session restore on login in systemsettings)
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
msst
Apprentice
Apprentice


Joined: 07 Jun 2011
Posts: 213

PostPosted: Tue Mar 08, 2016 1:33 am    Post subject: Reply with quote

You mean Workspace->Start and Shutdown->At login->start with empty session? (I am not using english settings so this is translated)

That is what I use as the session restore does anyway not work with kde:5 applications and virtual desktops (it dumps them all on the desktop no 1 therefore I have it set on empty session). So I always start with a "clean session".
Back to top
View user's profile Send private message
BT
Guru
Guru


Joined: 13 Jun 2004
Posts: 309

PostPosted: Sun Apr 10, 2016 7:37 am    Post subject: Reply with quote

Does kwallet-pam work with wallets using GPG encryption?
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 6827
Location: Austria

PostPosted: Sun Apr 10, 2016 9:29 am    Post subject: Reply with quote

It didn't work in the beginning (known limitation), at least, but I don't know if it has changed in the meantime.
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
BT
Guru
Guru


Joined: 13 Jun 2004
Posts: 309

PostPosted: Sun Apr 10, 2016 10:21 am    Post subject: Reply with quote

That's what I suspected. Previously with KDE 4 I used seperate passwords for login and wallet and I had no issues. However with Plasma 5 I'm always prompted for the wallet password immediately after login. This is very annoying, so I attempted to workaround this by enabling wallet auto-unlocking. Is there anyway to prevent kwallet prompting for the password after login without disabling the kwallet subsystem?

Last edited by BT on Sun Apr 10, 2016 11:06 am; edited 1 time in total
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 6827
Location: Austria

PostPosted: Sun Apr 10, 2016 10:50 am    Post subject: Reply with quote

Well, what application is requesting the wallet?
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
BT
Guru
Guru


Joined: 13 Jun 2004
Posts: 309

PostPosted: Sun Apr 10, 2016 11:05 am    Post subject: Reply with quote

Chromium is the only application that stores passwords in the wallet. The request happens during the splash screen immediately after login, so I don't think it's Chromium. However based on my experience with KDE 4, I believe the actual request is being made by KWalletManager.
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 6827
Location: Austria

PostPosted: Sun Apr 10, 2016 11:06 am    Post subject: Reply with quote

The actual password dialog tells you what application wants to access it.
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
BT
Guru
Guru


Joined: 13 Jun 2004
Posts: 309

PostPosted: Sun Apr 10, 2016 11:11 am    Post subject: Reply with quote

I only get a pinentry passphrase dialog for the GPG key, and it doesn't mention which application is making the request.
Back to top
View user's profile Send private message
BT
Guru
Guru


Joined: 13 Jun 2004
Posts: 309

PostPosted: Mon Apr 11, 2016 9:57 am    Post subject: Reply with quote

I have stoped the pinentry request immediately after login by commenting out the following in /etc/pam.d/sddm:
Code:
-auth          optional        pam_kwallet5.so
-session       optional        pam_kwallet5.so auto_start

Now the pinentry request is only made when I start Chromium, which is how it worked for me in KDE 4.


Last edited by BT on Mon Apr 11, 2016 12:10 pm; edited 1 time in total
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 6827
Location: Austria

PostPosted: Mon Apr 11, 2016 12:06 pm    Post subject: Reply with quote

Interesting, so in that case kwallet-pam worked in the exact opposite direction of what it originally intended ;)
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum