FS#46140 - [sddm] add kwallet-pam to pam file

Attached to Project: Arch Linux
Opened by Ivan P (Soukyuu) - Saturday, 29 August 2015, 11:05 GMT
Last edited by Felix Yan (felixonmars) - Thursday, 10 September 2015, 09:31 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Felix Yan (felixonmars)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 3
Private No

Details

Description:

Upon upgrading to 5.4 and installing kwallet-pam, both kde4 and kde5 wallets stopped unlocking themselves automatically.
It seems that the package adds the configuration required to /etc/pam.d/kde, but to make it work out of the box, you have to add those lines to /etc/pam.d/sddm instead.

Additional info:
- kwallet-pam 5.0.4-1
- sddm 0.11.0-3

Steps to reproduce:
- make sure kde4/5 wallets use login password
- install kwallet-pam
- reboot
- start any programs requiring access to the wallet

-> when config in /etc/pam.d/kde: wallets do not get unlocked
-> when config in /etc/pam.d/sddm: wallets get unlocked
This task depends upon

Closed by  Felix Yan (felixonmars)
Thursday, 10 September 2015, 09:31 GMT
Reason for closing:  None
Additional comments about closing:  See comments below, users are expected to update the pam file themselves.
Comment by Antonio Rojas (arojas) - Saturday, 29 August 2015, 13:34 GMT
Upstream doesn't provide any documentation whatsoever for kwallet-pam, so I don't know what is the official way to make it work out of the box. If adding it to /etc/pam.d/sddm is required then it shouldn't be added to our package by default IMO, sddm is an independent project and shouldn't contain any kde related code (what about users of other DM's?). Users should add it to /etc/pam.d/sddm themselves.
Comment by Ivan P (Soukyuu) - Saturday, 29 August 2015, 16:46 GMT
I don't really know how PAM works, but what "executes" the different files in /etc/pam.d?
Maybe all DMs are supposed to "run" the /etc/pam.d/kde file when starting a KDE session? (Which would mean SDDM does not and it's an SDDM bug?)

You could remove the automatic configuration and either link the user to a wiki article via the installation message, or maybe have a script that detects the active DM and puts the config in the respective file?
Comment by Antonio Rojas (arojas) - Wednesday, 09 September 2015, 16:12 GMT
I've removed the kwallet-pam lines from kde.pam, this worked only in KDE4 because that file was also used by KDM.

As I said, I'm not convinced that we should add this to our pam.d/sddm, especially since some users are reporting issues with it [1]. OTOH, both Debian [2] and Fedora [3] include it (but they use their own pam file instead of the one provided by upstream). So let Felix decide what to do. In any case, even if this is not included, pam.d/sddm should be added to the backup array.

[1] https://bugs.kde.org/show_bug.cgi?id=352485
[2] http://anonscm.debian.org/cgit/pkg-kde/kde-std/sddm.git/tree/debian/sddm.pam
[3] http://pkgs.fedoraproject.org/cgit/sddm.git/tree/sddm.pam
Comment by Bastian Beranek (totsilence) - Wednesday, 09 September 2015, 18:26 GMT
I think it would be sufficient to include a guide on how to enable kwallet unlocking with PAM to the KDE wiki page.

I personally wouldn't include it with sddm, even though I have mine set up to unlock the wallet... I'd think not including it in sddm is more in line with the Arch way as well...
Comment by Ivan P (Soukyuu) - Wednesday, 09 September 2015, 20:44 GMT
A message telling the user it has to be configured, optionally with a link to the wiki, once they install the package is probably the best solution.
Comment by Felix Yan (felixonmars) - Thursday, 10 September 2015, 09:30 GMT
pam.d/sddm added to backup array in 0.12.0-2.

Loading...