Bug 1029942

Summary: Take upstream sddm changes that include KWallet and GNOME Keyring support in /etc/pam.d sddm
Product: [openSUSE] openSUSE Tumbleweed Reporter: Nathaniel Graham <nate>
Component: BasesystemAssignee: Fabian Vogt <fabian>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Enhancement    
Priority: P5 - None CC: cfeck, fabian, fvogt, nate
Version: Current   
Target Milestone: ---   
Hardware: x86-64   
OS: SUSE Other   
See Also: https://bugzilla.suse.com/show_bug.cgi?id=1027128
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Nathaniel Graham 2017-03-17 15:44:17 UTC 
I'm using KDE Plasma 5.9.2 on openSUSE Tumblwweed.

Right now, if I want my KWallet to unlock at login, I need to make sure its password matches my login password, and also manually install the kwallet PAM package and edit /etc/pam.d/<display manager>.

Since this is dependent on the display manager used, ensuring this is the job of the distro, not KDE.
Comment 1 Nathaniel Graham 2017-04-16 15:48:26 UTC 
It appears that sddm upstream already has support for KWallet (and GNOME keyring): https://github.com/sddm/sddm/blob/develop/services/sddm.pam

So it seems like the sddm packaged by openSUSE just needs to pick that up and this part of the issue will be resolved.
Comment 2 Fabian Vogt 2017-04-16 16:39:57 UTC 
Adding related bug as "See also", as the underlying issue is that /etc/security/pam.d/sddm is not known to pam-config.
Comment 3 Fabian Vogt 2017-08-01 09:45:18 UTC 
pam_kwallet5.so needs to be supported by pam-config, so reassigning to pam-config maintainer.
Comment 4 Thorsten Kukuk 2017-08-02 07:39:06 UTC 
pam-config has no support to manage /etc/pam.d/sddm. So either somebody has to implement it, or sddm needs to ship a pam config file including this lines already. I have no time for that.
Comment 5 Fabian Vogt 2017-08-02 09:39:03 UTC 
(In reply to Thorsten Kukuk from comment #4)
> pam-config has no support to manage /etc/pam.d/sddm. So either somebody has
> to implement it, or sddm needs to ship a pam config file including this
> lines already. I have no time for that.

I made a PR: https://github.com/SUSE/pam-config/pull/2

The pam_kwallet package in KDE:Frameworks5 is already adjusted for this and with the pam-config changes installed, simply "zypper in pam_kwallet" is enough to get the wallet unlocked during login now.
Comment 6 Bernhard Wiedemann 2017-08-02 10:00:41 UTC 
This is an autogenerated message for OBS integration:
This bug (1029942) was mentioned in
https://build.opensuse.org/request/show/513811 Factory / pam_kwallet
Comment 7 Fabian Vogt 2017-08-29 11:55:09 UTC 
Landed in TW.