This is Nikola Kovacs's Typepad Profile.
Nikola Kovacs
Recent Activity
There's another pam_set_data / pam_get_data pair, with the key "sm_open_session", which should probably also be fixed to be unique. In my case I'm not getting the log message "open_session was called before us, calling it now", even though both pam_sm_authenticate functions execute one after the other, so the second one should be able to read "sm_open_session". I'm not sure what's happening there. The pam_sm_open_session functions are called after both authenticates though, and everything works. My email address is here: https://git.reviewboard.kde.org/users/nkovacs/, but I don't really mind if the commit is with your name, I'm just happy it's finally working.
Figured it out. pam_set_data and pam_get_data were using the same key, so pam_kwallet5 was overwriting pam_kwallet's hash. Now it finally works and both wallets are unlocked. Here's the full source code: https://gist.github.com/nkovacs/8ce56653f5accc78d575 You also need to duplicate the three lines in startkde that send the environment to the socket in $PAM_KWALLET_LOGIN so that it also sends them to $PAM_KWALLET5_LOGIN:
    # At this point all the environment is ready, let's send it to kwalletd if running
    if test -n "$PAM_KWALLET_LOGIN" ; then
        env | socat STDIN UNIX-CONNECT:$PAM_KWALLET_LOGIN
    fi
    if test -n "$PAM_KWALLET5_LOGIN" ; then
        env | socat STDIN UNIX-CONNECT:$PAM_KWALLET5_LOGIN
    fi
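The key collision described in the comment above, as an added example that is not part of the original comment or of the pam_kwallet source: a small stand-in for the per-handle store behind pam_set_data()/pam_get_data() (setting an existing name replaces the old data), run once with both modules sharing a name and once with per-module names. The names "key", "kw4_key" and "kw5_key" and the hash strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for the per-handle store behind pam_set_data()/pam_get_data():
 * one slot per name, and setting an existing name replaces the old data. */
#define MAX_ITEMS 8
struct item { char name[64]; const char *data; };
struct handle { struct item items[MAX_ITEMS]; int n; };

static int set_data(struct handle *h, const char *name, const char *data) {
    for (int i = 0; i < h->n; i++)
        if (strcmp(h->items[i].name, name) == 0) {
            h->items[i].data = data;          /* silent overwrite */
            return 0;
        }
    if (h->n == MAX_ITEMS) return -1;
    snprintf(h->items[h->n].name, sizeof h->items[h->n].name, "%s", name);
    h->items[h->n++].data = data;
    return 0;
}

static const char *get_data(const struct handle *h, const char *name) {
    for (int i = 0; i < h->n; i++)
        if (strcmp(h->items[i].name, name) == 0) return h->items[i].data;
    return NULL;
}

/* Both modules store a hash on the same handle during authenticate; the first
 * module then reads its entry back. Returns 1 if it still gets its own hash. */
int first_module_keeps_hash(const char *name4, const char *name5) {
    struct handle h = {0};
    if (set_data(&h, name4, "hash-A") != 0) return 0;  /* first module (constructed value) */
    if (set_data(&h, name5, "hash-B") != 0) return 0;  /* second module (constructed value) */
    const char *got = get_data(&h, name4);
    return got != NULL && strcmp(got, "hash-A") == 0;
}

int main(void) {
    printf("shared name:      %d\n", first_module_keeps_hash("key", "key"));
    printf("per-module names: %d\n", first_module_keeps_hash("kw4_key", "kw5_key"));
    return 0;
}
```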
I also changed the socket name in /tmp to /tmp/kw_username and /tmp/kw5_username so that they don't both try to use the same one, and I had to change the startkde script so that it checks both $PAM_KWALLET_LOGIN and $PAM_KWALLET5_LOGIN and sends the environment to both. Now both kwalletd and kwalletd5 execute, but kwalletd still doesn't open the wallet if pam_kwallet5 is enabled.
I changed the env variable in both pam_kwallet5 and kwallet5 to PAM_KWALLET5_LOGIN. Both of them execute now (I see pam-kwallet: final socket path in auth.log), but only one works. If I disable pam_kwallet5.so, pam_kwallet works. If I enable both, only pam_kwallet5 works.
http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html: "$XDG_DATA_HOME defines the base directory relative to which user specific data files should be stored. If $XDG_DATA_HOME is either not set or empty, a default equal to $HOME/.local/share should be used." Shouldn't that be the default in pam_kwallet then? I managed to get it to work by backporting the patch to kwallet. I'll try to get both to work now by using a different env variable for the kwallet5 version (PAM_KWALLET5_LOGIN).
This has been annoying me for months, so thanks! I couldn't get this to work on Kubuntu yet (I'm missing the patch to KWallet), but I think I found some bugs: First, it's trying to read or create ~/.local/kwalletd/kdewallet.salt, but that file is located at ~/.local/share/kwalletd/kdewallet.salt. Second, you can't have both pam_kwallet.so and pam_kwallet5.so enabled, because both use the "PAM_KWALLET_LOGIN" environment variable to detect that they've already executed, so the second one exits early with the message "pam_kwallet: we were already executed".
Nikola Kovacs is now following The Typepad Team
Jul 27, 2015