I got tired of chromium nagging on every start about a wallet - so i tried to create one and setting up PAM by following the arch wiki instructions
Then on next boot, system doesn’t connect to wifi - i presume this is because the credentials have been stuffed into the wallet (which it never told me it would do) and it fails to open quickly enough or not at all, i’m not sure. (I typically start the pc then do something else for a few minutes before returning)
I tried to look for some logs, but that doesn’t seem to shed much light on the issue.
I just needed to know because the process is different depending on that one factor. If you don’t use autologin. Then all you need to do is install the package kwallet-pam and make sure that your kwallet password is the same as your user password and that is it.
If you do use autologin then the login screen never gets a chance to open kwallet because you don’t actually see the login screen. In this case, you could set the kwallet password to be blank, but that is considered to be insecure.
The arch wiki article you linked to mentioned pam_autologin, but I’ll need to read more into that to see how that is supposed to work. Also you know that article you linked to is from 2014 right?
Sorry it took so long. I was looking into the pam_autologin thing when I came across a feature request and merge request in sddm here and here.
Basically if you are already encrypting your disks then systemd already has a way to do this and we just need to use it.
Unlock kwallet on autologin
suedit /etc/pam.d/sddm-autologin.
Add the line:
-auth optional pam_systemd_loadkey.so
above the line
-auth optional pam_gnome_keyring.so.
sudo systemctl edit sddm.service.
Add the following content
[Service]
KeyringMode=inherit
Reboot
I tried it out myself, and after rebooting, then sure enough kwallet was opened on autologin. Apparently, Fedora was already using this trick with Gnome.
Of course, you still need things to line up. Meaning that the disk encryption password, the login password, and the kdewallet password all need to be the same for this to work.
Lastly, thanks for asking this question. Otherwise, I never would have looked into this issue and solved the problem on my system. I had just decided to live with the fact that autologin and automatic keyring unlocking couldn’t coexist.
Well without disk encryption that means there is no point in the process in which you type in your password, so this method wouldn’t work for you. This basically puts you back to the starting block. Most techniques depend on you entering your password at least once. The idea is to make it so you don’t have to do it multiple times.
This leaves you with the options of setting an empty password in kwallet which is insecure because all of your passwords are now saved in plain text or getting pam_autologin working which if I understand correctly will save the password in a root location. Not the most secure but definitely better than the no password at all option.
Sorry, forget that last comment. I looked at the conclusion of that thread and it turns out pam_autologin is for automatically logging into tty’s it wasn’t meant to be used with desktop environments.
