Unlocking wallet during startup
While setting up plasma5 I found a solution for something that had been bothering me forever. Basically, while session management is restoring all windows, the wallet isn't open yet, so if the wallet is needed to get online (wifi password), all the apps being restored (in my case, about 20 konqueror windows) have no networking yet and just show error pages.
One of the users of the wallet is ksshaskpass (which uses kwallet to give the ssh passphase to ssh-agent). By calling ssh-add in the Autostart folder, it was just one more of the kwallet queries in the queue, waiting for the user while everything is being restored.
While setting up plasma5 I did it slightly differently: I put the file that calls ssh-add into ~/.config/plasma-workspace/env/.
This makes me wonder how distros set up ksshaskpass (more precisely where is the call to ssh-add). It also makes me wonder if we should have a more direct way of unlocking the wallet at startup (e.g. even for people without a ssh key). E.g. a mode where kwallet-query just opens the wallet and nothing else.
How to you initialize pam_kwallet5?
Where are you initializing pam_kwallet5.so in this setup?
I'm trying to use pam_kwallet/pam_kwallet5 together with pam_ecryptfs and it is not working (works only if HOME is already mounted, e.g. when login via ssh or console before using xdm/sddm).
In Fedora ssh-agent starts startkde
In Fedora ssh-agent starts startkde. And then you put "ssh-add ~/.ssh/github Startup and Shutdown. You will be asked for password only once first time as long as you save the passwords in kwallet.
sudhir 1557 0.0 0.0 51296 568 ? Ss Jun03 0:00 /usr/bin/ssh-agent /bin/sh -c exec -l /bin/bash -c "/usr/bin/startkde"
I have no idea how to setup pam-kwallet. It didn't work for me when it was released. Also I didn't find any good tutorial on it so I gave up.
Yes that's what I used to have
ssh-add in Autostart is what I had for 10 years, it works, but it comes in a bit too late, as I described. If you're on WIFI, it makes all the apps start offline until you unlock the wallet.
The early versions of pam
The early versions of pam-kwallet didn't work very well, but recent versions are much better. As mentioned in another reply it works flawlessly on most of my systems. I have only one system for which the kde4 wallet won't unlock. This system has the oldest configuration history and it looks like it fails for some old cruft in there. On cleanly installed systems the wallets (both kf5 and kde4 ones) unlock flawlessly during login.