pam-kwallet review/testing

Tue Apr 29 02:37:14 UTC 2014

On 04/28/2014 06:17 PM, Rex Dieter wrote:
> On 04/28/2014 07:13 PM, Rex Dieter wrote:
>> Hi,
>>
>> pam-kwallet brings to kde what gnome-keyring-pam is for gnome.  It offers
>> the ability to automatically open your kwallet using your login password.
>>
>> Builds are available in kde-testing repo, package review is at:
>> https://bugzilla.redhat.com/1091479
>>
>> To test,
>> 1. install pam-kwallet
>> 2. set kwallet password to be the same as your login password
>> 3. make sure kwallet is configured to *not* autoclose wallets under any
>> circumstances (pam-kwallet only functions once on initial login, it
>> will not
>> reopen closed wallets)
>> 4. configure pam accordingly.  in short, add
>> -auth       optional    pam_kwallet.so
>> -session    optional    pam_kwallet.so
>> (near similar pam-gnome-keyring entries) in your loginmanager pam
>> configuration.  I added these to /etc/pam.d/kdm for example, since I'm
>> testing kdm.
>> 5. profit!
> 
> Sorry, failed to mention, I think only kde-4.13.0 supports this yet, so
> I think I'll move those builds to kde-unstable
> 
> -- Rex

Well, after a couple false starts, it does appear to be working.
However, I'm a little concerned by:

- I seem to have a defunct process:

root       541     1  0 19:59 ?        00:00:00 /usr/bin/kdm vt1
root      6279   541  0 20:05 ?        00:00:00 -:0
orion     6552  6279  0 20:05 ?        00:00:00 [kwalletd] <defunct>
orion     6663     1  0 20:05 ?        00:00:00 /usr/bin/kwalletd
--pam-login 11 16

- The pipe used to write to kwalletd is named "/tmp/<user>.socket".
That seems, predictable.

$ ls -l /tmp/orion.socket
srwxr-xr-x. 1 orion nwra 0 Apr 28 20:32 /tmp/orion.socket

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA/CoRA Division                    FAX: 303-415-9702
3380 Mitchell Lane                  orion at cora.nwra.com
Boulder, CO 80301              http://www.cora.nwra.com