Bug ID 1090856
Summary Requesting audit of pam_kwallet
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter fvogt@suse.com
QA Contact qa-bugs@suse.de
CC lbeltrame@kde.org
Found By ---
Blocker ---

pam_kwallet (https://cgit.kde.org/kwallet-pam.git) can be used to unlock the
KDE wallet (password storage) using the password during login.

It's been included in the distro for a while now and was never properly reviewed by
the security team, as there is no such requirement for PAM modules. IMO a review
should be done.

It's a fairly small PAM module (plain C) which reads the password using PAM,
computes the hash used as the encryption key, drops privileges and starts
kwalletd with the key written into a pipe.
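
Added example, not part of the original report and not pam_kwallet's code: a sketch in C of the flow described above (key written into a pipe, child drops privileges permanently, child reads the key), showing the ordering and verification a reviewer would look for. The names `drop_privileges`, `hand_key_to_child` and `KEY_LEN` are hypothetical, the key size is constructed, and the child reads the key itself as a stand-in for exec'ing the wallet daemon.

```c
#define _DEFAULT_SOURCE            /* for setgroups() */
#include <grp.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define KEY_LEN 32                 /* constructed size, not taken from pam_kwallet */

/* Permanently become uid/gid: groups first, then gid, then uid, then verify. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only root can reset supplementary groups, and only before the uid changes. */
    if (geteuid() == 0 && uid != 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) return -1;
    return (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid) ? 0 : -1;
}

/* Returns 0 when a child running as uid/gid read the whole key from the pipe,
 * 2 when the child could not drop privileges, 3 on a short or wrong read. */
int hand_key_to_child(const unsigned char *key, size_t len, uid_t uid, gid_t gid)
{
    int fds[2], status;
    if (len > KEY_LEN || pipe(fds) != 0) return -1;
    /* len <= PIPE_BUF, so this write cannot block or be split. */
    if (write(fds[1], key, len) != (ssize_t)len) { close(fds[0]); close(fds[1]); return -1; }
    pid_t pid = fork();
    if (pid == 0) {
        close(fds[1]);
        if (drop_privileges(uid, gid) != 0) _exit(2);  /* never continue as root */
        /* Stand-in for exec'ing the wallet daemon with fds[0] inherited. */
        unsigned char buf[KEY_LEN];
        size_t got = 0;
        ssize_t n;
        while (got < len && (n = read(fds[0], buf + got, len - got)) > 0) got += (size_t)n;
        _exit(got == len && memcmp(buf, key, len) == 0 ? 0 : 3);
    }
    close(fds[0]);
    close(fds[1]);
    if (pid < 0 || waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Because `fork()` copies the parent's memory, the child also holds the key outside the pipe; a reviewer would check where the key is wiped on both sides.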

