KWallet PAM integration in TW

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

KWallet PAM integration in TW

Fabian Vogt-2
Hi,

it was a much requested feature to have some better integration of
the KWallet PAM module into the system. Until now, it was necessary to
add the module manually to the configuration files in /etc/pam.d.

To improve the situation, kwallet-pam got some necessary fixes (already
upstream in master and backported to 5.10.4) and pam-config gained support
for the pam_kwallet5.so module.

With the upcoming release of Plasma, 5.10.5, the pam_kwallet package will
automatically activate itself when installed. This however means that
you *must* remove any manual edits of the PAM configuration beforehand!
Otherwise the pam module will be included multiple times during the
authentication process, which may work fine in most cases, but can also
break the authentication process, resulting in the total inability to
login graphically.
Please report any bugs or other issues you find.

Note that this only applies to Tumbleweed.

Cheers,
Fabian
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: KWallet PAM integration in TW

Patrick Shanahan-2
* Fabian Vogt <[hidden email]> [08-22-17 05:13]:

> Hi,
>
> it was a much requested feature to have some better integration of
> the KWallet PAM module into the system. Until now, it was necessary to
> add the module manually to the configuration files in /etc/pam.d.
>
> To improve the situation, kwallet-pam got some necessary fixes (already
> upstream in master and backported to 5.10.4) and pam-config gained support
> for the pam_kwallet5.so module.
>
> With the upcoming release of Plasma, 5.10.5, the pam_kwallet package will
> automatically activate itself when installed. This however means that
> you *must* remove any manual edits of the PAM configuration beforehand!
> Otherwise the pam module will be included multiple times during the
> authentication process, which may work fine in most cases, but can also
> break the authentication process, resulting in the total inability to
> login graphically.
> Please report any bugs or other issues you find.
>
> Note that this only applies to Tumbleweed.

these would have "rpmsave" or "rpmnew" files to indicate this?  I do not
remember having edited a file under /etc/pam.d/

or is there another method to determine?

tks,
--
(paka)Patrick Shanahan       Plainfield, Indiana, USA          @ptilopteri
http://en.opensuse.org    openSUSE Community Member    facebook/ptilopteri
Registered Linux User #207535                    @ http://linuxcounter.net
Photos: http://wahoo.no-ip.org/piwigo                    paka @ IRCnet freenode
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: KWallet PAM integration in TW

Fabian Vogt-2
Hi,

Am Dienstag, 22. August 2017, 13:22:33 CEST schrieb Patrick Shanahan:

> * Fabian Vogt <[hidden email]> [08-22-17 05:13]:
> > Hi,
> >
> > it was a much requested feature to have some better integration of
> > the KWallet PAM module into the system. Until now, it was necessary to
> > add the module manually to the configuration files in /etc/pam.d.
> >
> > To improve the situation, kwallet-pam got some necessary fixes (already
> > upstream in master and backported to 5.10.4) and pam-config gained support
> > for the pam_kwallet5.so module.
> >
> > With the upcoming release of Plasma, 5.10.5, the pam_kwallet package will
> > automatically activate itself when installed. This however means that
> > you *must* remove any manual edits of the PAM configuration beforehand!
> > Otherwise the pam module will be included multiple times during the
> > authentication process, which may work fine in most cases, but can also
> > break the authentication process, resulting in the total inability to
> > login graphically.
> > Please report any bugs or other issues you find.
> >
> > Note that this only applies to Tumbleweed.
>
> these would have "rpmsave" or "rpmnew" files to indicate this?

No, most guides tell you to edit /etc/pam.d/sddm, while pam-config generates
/etc/pam.d/common-* files, which are included by /etc/pam.d/{sddm,xdm,sudo,...}.
(common-* files are %ghost, so you won't get .rpm{save,new} for those either)

> I do not remember having edited a file under /etc/pam.d/ or is there another
> method to determine?

That depends on how you set it up. Generally speaking,

    grep -R kwallet /etc/pam.d

needs to have no output.

Cheers,
Fabian

>
> tks,
>


--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: KWallet PAM integration in TW

Patrick Shanahan-2
* Fabian Vogt <[hidden email]> [08-22-17 07:30]:
 [...]

> > > With the upcoming release of Plasma, 5.10.5, the pam_kwallet package
> > > will automatically activate itself when installed.  This however
> > > means that you *must* remove any manual edits of the PAM
> > > configuration beforehand!  Otherwise the pam module will be included
> > > multiple times during the authentication process, which may work
> > > fine in most cases, but can also break the authentication process,
> > > resulting in the total inability to login graphically.  
> > > Please report any bugs or other issues you find.
> > >
> > > Note that this only applies to Tumbleweed.
> >
> > these would have "rpmsave" or "rpmnew" files to indicate this?
>
> No, most guides tell you to edit /etc/pam.d/sddm, while pam-config generates
> /etc/pam.d/common-* files, which are included by /etc/pam.d/{sddm,xdm,sudo,...}.
> (common-* files are %ghost, so you won't get .rpm{save,new} for those either)
>
> > I do not remember having edited a file under /etc/pam.d/ or is there another
> > method to determine?
>
> That depends on how you set it up. Generally speaking,
>
>     grep -R kwallet /etc/pam.d
>
> needs to have no output.

thanks much
--
(paka)Patrick Shanahan       Plainfield, Indiana, USA          @ptilopteri
http://en.opensuse.org    openSUSE Community Member    facebook/ptilopteri
Registered Linux User #207535                    @ http://linuxcounter.net
Photos: http://wahoo.no-ip.org/piwigo                    paka @ IRCnet freenode
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]