[opensuse-kde] howto use pam_kwallet with Plasma 5.9 - openSUSE KDE - openSUSE Mailing Lists

newer
[opensuse-kde] FYI: 13.2 and 42.1...

[opensuse-kde] howto use pam_kwallet with Plasma 5.9

older
[opensuse-kde]...

Cisbug

12 Feb 2017 12 Feb '17

14:46

What need I to do to get pam_kwallet doing it's task, opening kwallet after login? I have installed: pam_kwallet 5.9.1-1.1 from openSUSE-Tumbleweed-Oss kwalletd5 5.30.0 from openSUSE-Tumbleweed-Oss libkwalletbackend5-5 5.30.0 from openSUSE-Tumbleweed-Oss kwalletmanager5 16.12.1 from openSUSE-Tumbleweed-Oss My Wallet password is equal to my login password. -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Reply

Sign in to reply online Use email software

Show replies by date

Herbert Graeber

12 Feb 12 Feb

21:47

Am Sonntag, 12. Februar 2017, 15:46:28 CET schrieb Cisbug:

What need I to do to get pam_kwallet doing it's task, opening kwallet after login?

I have installed: pam_kwallet 5.9.1-1.1 from openSUSE-Tumbleweed-Oss kwalletd5 5.30.0 from openSUSE-Tumbleweed-Oss libkwalletbackend5-5 5.30.0 from openSUSE-Tumbleweed-Oss kwalletmanager5 16.12.1 from openSUSE-Tumbleweed-Oss

My Wallet password is equal to my login password.

You have to edit /etc/pamd.d/sddm to

#%PAM-1.0 auth substack common-auth auth optional pam_kwallet5.so auth optional pam_kwallet.so kdehome=.kde4 account include common-account password include common-password session required pam_loginuid.so session include common-session session optional pam_kwallet5.so session optional pam_kwallet.so

The interesting part here is to use "substack" instead of "include", else the optional entries will not be executed if common-auth has a "sufficient" entry. Herbert -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Reply

Sign in to reply online Use email software

Cisbug

15 Feb 15 Feb

19:53

Am Sonntag, 12. Februar 2017, 22:47:45 CET schrieb Herbert Graeber:

You have to edit /etc/pamd.d/sddm to

...
#%PAM-1.0 auth substack common-auth auth optional pam_kwallet5.so auth optional pam_kwallet.so kdehome=.kde4 account include common-account password include common-password session required pam_loginuid.so session include common-session session optional pam_kwallet5.so session optional pam_kwallet.so

The interesting part here is to use "substack" instead of "include", else the optional entries will not be executed if common-auth has a "sufficient" entry.

Thank you, it should be written anywhere on OpenSuse documentation. -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Reply

Sign in to reply online Use email software

Todd Rme

19 Feb 19 Feb

15:15

On Sun, Feb 12, 2017 at 4:47 PM, Herbert Graeber wrote:

Am Sonntag, 12. Februar 2017, 15:46:28 CET schrieb Cisbug:

...
What need I to do to get pam_kwallet doing it's task, opening kwallet after login?

I have installed: pam_kwallet 5.9.1-1.1 from openSUSE-Tumbleweed-Oss kwalletd5 5.30.0 from openSUSE-Tumbleweed-Oss libkwalletbackend5-5 5.30.0 from openSUSE-Tumbleweed-Oss kwalletmanager5 16.12.1 from openSUSE-Tumbleweed-Oss

My Wallet password is equal to my login password.

You have to edit /etc/pamd.d/sddm to

...
#%PAM-1.0 auth substack common-auth auth optional pam_kwallet5.so auth optional pam_kwallet.so kdehome=.kde4 account include common-account password include common-password session required pam_loginuid.so session include common-session session optional pam_kwallet5.so session optional pam_kwallet.so

The interesting part here is to use "substack" instead of "include", else the optional entries will not be executed if common-auth has a "sufficient" entry.

Herbert -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Is there a way to have this added automatically when pam-kwallet is installed? I would think if someone installs pam-kwallet they want it to "just work". Or at least have a subpackage they can install that includes it. -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Reply

Sign in to reply online Use email software

Bruno Friedmann

15:35

On dimanche, 19 février 2017 16.15:18 h CET Todd Rme wrote:

On Sun, Feb 12, 2017 at 4:47 PM, Herbert Graeber wrote:

...
Am Sonntag, 12. Februar 2017, 15:46:28 CET schrieb Cisbug:

...
What need I to do to get pam_kwallet doing it's task, opening kwallet after login?

I have installed: pam_kwallet

5.9.1-1.1 from openSUSE-Tumbleweed-Oss

kwalletd5

5.30.0 from openSUSE-Tumbleweed-Oss

libkwalletbackend5-5

5.30.0 from openSUSE-Tumbleweed-Oss

kwalletmanager5

16.12.1 from openSUSE-Tumbleweed-Oss

My Wallet password is equal to my login password.

You have to edit /etc/pamd.d/sddm to

...
#%PAM-1.0 auth substack common-auth auth optional pam_kwallet5.so auth optional pam_kwallet.so kdehome=.kde4 account include common-account password include common-password session required pam_loginuid.so session include common-session session optional pam_kwallet5.so session optional pam_kwallet.so

The interesting part here is to use "substack" instead of "include", else the optional entries will not be executed if common-auth has a "sufficient" entry.

Herbert -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Is there a way to have this added automatically when pam-kwallet is installed? I would think if someone installs pam-kwallet they want it to "just work". Or at least have a subpackage they can install that includes it.

Well it doesn't work for autologin here's the logs I get systemd[1]: Starting X Display Manager... root[3908]: /etc/init.d/xdm: No changes for /etc/X11/xdm/Xservers root[3908]: /etc/init.d/xdm: No changes for /etc/X11/xdm/xdm-config sddm[3944]: Initializing... sddm[3944]: Starting... sddm[3944]: Adding new display on vt 1 ... sddm[3944]: Display server starting... sddm[3944]: Running: /usr/bin/X -nolisten tcp -auth /run/sddm/{f10a6913- ff92-4a5c-aa0d-0d2eb8949826} -background none -noreset -displayfd 18 vt1 acpid[1531]: client connected from 3946[0:0] acpid[1531]: 1 client rule loaded display-manager[3899]: Starting service sddm..done systemd[1]: Started X Display Manager. sddm[3944]: Running display setup script "/usr/share/sddm/scripts/Xsetup" sddm[3944]: Display server started. sddm[3944]: Reading from "/usr/share/xsessions/plasma5.desktop" sddm[3944]: Reading from "/usr/share/xsessions/plasma5.desktop" sddm[3944]: Session "/usr/share/xsessions/plasma5.desktop" selected, command: "/usr/bin/startkde" sddm[3944]: Adding cookie to "/run/sddm/{f10a6913-ff92-4a5c- aa0d-0d2eb8949826}" sddm-helper[3953]: PAM unable to dlopen(/lib64/security/pam_kwallet.so): / lib64/security/pam_kwallet.so: cannot open shared object file: No such file or d sddm-helper[3953]: PAM adding faulty module: /lib64/security/pam_kwallet.so sddm-helper[3953]: [PAM] Starting... sddm-helper[3953]: [PAM] Authenticating... sddm-helper[3953]: [PAM] Preparing to converse... sddm-helper[3953]: [PAM] Conversation with 1 messages sddm-helper[3953]: pam_unix(sddm-autologin:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=bruno sddm-helper[3953]: pam_kwallet5(sddm-autologin:auth): (null): pam_sm_authenticate sddm-helper[3953]: [PAM] authenticate: Authentication failure sddm-helper[3953]: [PAM] returning. sddm[3944]: Authentication error: "Authentication failure" sddm-helper[3953]: [PAM] Ended. sddm[3944]: Auth: sddm-helper exited with 1 /etc/pam.d/sddm and /etc/pam.d/sddm-autologin are now identical like this #%PAM-1.0 auth substack common-auth auth optional pam_kwallet5.so auth optional pam_kwallet.so kdehome=.kde4 account include common-account password include common-password session required pam_loginuid.so session include common-session session optional pam_kwallet5.so session optional pam_kwallet.so From the error above I guess that pam_kwallet.so can be removed as the file doesn't exist ? -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch Bareos Partner, openSUSE Member, fsfe fellowship GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Reply

Sign in to reply online Use email software

Bruno Friedmann

15:51

Also perhaps we need like gnome-keyring a -32bits package to have /lib/ security/pam_kwallet5.so ? -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch Bareos Partner, openSUSE Member, fsfe fellowship GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Reply

Sign in to reply online Use email software

Wolfgang Bauer

21 Feb 21 Feb

14:15

Am Sonntag, 19. Februar 2017, 16:35:26 schrieb Bruno Friedmann:

Well it doesn't work for autologin

Correct. The reason is that pam_kwallet5 is unable to get the login password in that case AFAIK. Kind Regards, Wolfgang -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Reply

Sign in to reply online Use email software

Luca Beltrame

19 Feb 19 Feb

17:01

In data domenica 19 febbraio 2017 16:15:18 CET, Todd Rme ha scritto:

Is there a way to have this added automatically when pam-kwallet is installed? I would think if someone installs pam-kwallet they want it to "just work". Or at least have a subpackage they can install that includes it.

Apparently this is possible with pam-config: however I'm not sure how to use it properly in a package. -- Luca Beltrame - KDE Forums team GPG key ID: A29D259B -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Reply

Sign in to reply online Use email software

Cisbug

18:24

Am Sonntag, 19. Februar 2017, 18:01:38 CET schrieb Luca Beltrame:

Apparently this is possible with pam-config: however I'm not sure how to use it properly in a package.

Maybe you could explain how to do it in pam-config, Luca, and another person could explain how to call pam-config at installation time. -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Reply

Sign in to reply online Use email software

Wolfgang Bauer

21 Feb 21 Feb

14:20

Am Sonntag, 19. Februar 2017, 18:01:38 schrieb Luca Beltrame:

In data domenica 19 febbraio 2017 16:15:18 CET, Todd Rme ha scritto:

...
Is there a way to have this added automatically when pam-kwallet is installed? I would think if someone installs pam-kwallet they want it to "just work". Or at least have a subpackage they can install that includes it.

Apparently this is possible with pam-config: however I'm not sure how to use it properly in a package.

I'm not sure, but I think support for pam_kwallet5 would need to be added to pam-config first. For sddm we could add the necessary lines to the shipped /etc/pam.d/sddm. This has been done upstream already btw: https://github.com/sddm/sddm/commit/1dccfe7a1b9583090f5b3118c766ef12b04d4c55 https://github.com/sddm/sddm/commit/892422ef3445e0189fc4402d9c17187b0b3bf43f The second one is rather pointless IMHO though. According to the commit message it only works with an empty kwallet password, but in that case there's no need for pam_kwallet5 in the first place anyway. Kind Regards, Wolfgang -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kde+owner@opensuse.org

Reply

Sign in to reply online Use email software

2621

Age (days ago)

2630

Last active (days ago)

Download

9 comments

6 participants

tags

participants (6)

Bruno Friedmann
Cisbug
Herbert Graeber
Luca Beltrame
Todd Rme
Wolfgang Bauer