RFC: enable kwallet auto-unlocking via PAM profile (!6) · Merge requests · Debian Qt and KDE Team / KDE / kwallet-pam

Valentin Kunz requested to merge vkunz/kwallet-pam:pam-integration into experimental May 16, 2021

Dear maintainer,

I would like to propose to enable kwallet auto-unlocking via PAM profile instead of manual action for every DM.

This would enable auto-unlocking via PAM independent of the currently used PAM stack configured by the used DM. Instead of enabling it via /etc/pam.d/[sddm|lightdm|gdm|$dm] PAM stacks it would be enabled in /etc/pam.d/common-[auto,session].

Every PAM stack including both these files would trigger auto-unlocking the wallet. Logging in via ssh would trigger the auto-unlock. This is a pretty major change, thus the RFC. It might have side effects I am not familiar with. I have not tested every possible PAM stack within debian.

My use-case is lightdm with KDE Plasma, this works as expected, but more testing with sddm/gdm/$dm would be appreciated.

This should not break existing users, as kwallet handles multiple invocations gracefully.

BR, Valentin Kunz

RFC: enable kwallet auto-unlocking via PAM profile

Merge request reports