On 04/28/2014 07:13 PM, Rex Dieter wrote:
Hi,
pam-kwallet brings to kde what gnome-keyring-pam is for gnome. It offers the ability to automatically open your kwallet using your login password.
Builds are available in kde-testing repo, package review is at: https://bugzilla.redhat.com/1091479
To test,
- install pam-kwallet
- set kwallet password to be the same as your login password
- make sure kwallet is configured to *not* autoclose wallets under any
circumstances (pam-kwallet only functions once on initial login, it will not reopen closed wallets) 4. configure pam accordingly. in short, add -auth optional pam_kwallet.so -session optional pam_kwallet.so (near similar pam-gnome-keyring entries) in your loginmanager pam configuration. I added these to /etc/pam.d/kdm for example, since I'm testing kdm. 5. profit!
Sorry, failed to mention, I think only kde-4.13.0 supports this yet, so I think I'll move those builds to kde-unstable
-- Rex
On 04/28/2014 06:17 PM, Rex Dieter wrote:
On 04/28/2014 07:13 PM, Rex Dieter wrote:
Hi,
pam-kwallet brings to kde what gnome-keyring-pam is for gnome. It offers the ability to automatically open your kwallet using your login password.
Builds are available in kde-testing repo, package review is at: https://bugzilla.redhat.com/1091479
To test,
- install pam-kwallet
- set kwallet password to be the same as your login password
- make sure kwallet is configured to *not* autoclose wallets under any
circumstances (pam-kwallet only functions once on initial login, it will not reopen closed wallets) 4. configure pam accordingly. in short, add -auth optional pam_kwallet.so -session optional pam_kwallet.so (near similar pam-gnome-keyring entries) in your loginmanager pam configuration. I added these to /etc/pam.d/kdm for example, since I'm testing kdm. 5. profit!
Sorry, failed to mention, I think only kde-4.13.0 supports this yet, so I think I'll move those builds to kde-unstable
-- Rex
Well, after a couple false starts, it does appear to be working. However, I'm a little concerned by:
- I seem to have a defunct process:
root 541 1 0 19:59 ? 00:00:00 /usr/bin/kdm vt1 root 6279 541 0 20:05 ? 00:00:00 -:0 orion 6552 6279 0 20:05 ? 00:00:00 [kwalletd] <defunct> orion 6663 1 0 20:05 ? 00:00:00 /usr/bin/kwalletd --pam-login 11 16
- The pipe used to write to kwalletd is named "/tmp/<user>.socket". That seems, predictable.
$ ls -l /tmp/orion.socket srwxr-xr-x. 1 orion nwra 0 Apr 28 20:32 /tmp/orion.socket
Rex Dieter wrote:
pam-kwallet brings to kde what gnome-keyring-pam is for gnome.
2 Questions:
1. I am using gdm, not kdm, so where would I put those pam -auth and - session configurations? You mentioned that you put yours in /etc/pam.d/kdm. Would I add them to a gdm file (if there is one)?
2. I am really confused by all of this password stuff. There is also an application called ksshaskpass. I have that installed and I added a script, exactly as shown in the directions, to ~/.kde/Autostart. Does pam-kwallet make ksshaskpass redundant? Must I/Can I/Should I leave the script in Autostart intact?
On 04/29/2014 06:13 PM, Peter Gueckel wrote:
Rex Dieter wrote:
pam-kwallet brings to kde what gnome-keyring-pam is for gnome.
2 Questions:
- I am using gdm, not kdm, so where would I put those pam -auth and -
session configurations? You mentioned that you put yours in /etc/pam.d/kdm. Would I add them to a gdm file (if there is one)?
- I am really confused by all of this password stuff. There is also an
application called ksshaskpass. I have that installed and I added a script, exactly as shown in the directions, to ~/.kde/Autostart. Does pam-kwallet make ksshaskpass redundant? Must I/Can I/Should I leave the script in Autostart intact?
Leave it intact, but ksshaskpass can store the passphrase in the wallet and thus add the keys automatically.
Thanks, Rex, Orion.
I put the lines into both gsm-password and gdm-pin, since those were the 2 files that had pam-gnome mentions.
I logged out/in and tried kmail. No more nuisance password entry to get the mail. Yay! All of these damned password requests when you have already logged in! Gone, finally, I hope! If this is the only thing it does, it will have been worth it :D
Orion Poplawski wrote:
I seem to have a defunct process
So do I [scratches head].