unlocking gnome keychain at login?

Duncan 1i5t5.duncan at cox.net
Thu Aug 22 09:22:03 BST 2024 

René J.V. Bertin posted on Tue, 20 Aug 2024 04:16:12 -0700 (PDT) as
excerpted:

> Quick question, how does one ensure that the gnome keychain gets
> unlocked when starting a KDE session? Or maybe there's an
> extension/utility that links it to the KDE wallet. either as the actual
> storage or at least so it gets opened and closed with the wallet?

[Quick mention first:  Your message appears here as threaded under the 
System settings animation thread to which you also replied but which looks 
otherwise unrelated.  That can happen if people start a message as a reply 
instead of as a new independent message, because the reference headers 
still point to the message it replied to.  People who may have otherwise 
had more informative replies than mine may thus skip this message thinking 
it's part of that thread, which they already decided they weren't 
interested in.]

So the idea of single-signon has always seemed less secure for me than I'd 
like, and I've never pursued it (rather the opposite, with some research I 
found that apparently, firefox has no direct way to log out its master 
password for instance, once you put it in; the official suggestion is to 
open a new tab to about:logins and attempt to view or copy a password, 
which will ask you to retype your firefox master password as confirmation 
-- if you cancel that dialog instead of retyping your password, the side 
effect is that it logs out your master password on other tabs as well, 
with that side effect being useful in this case as a method of logging out 
the master password in general).

But here's some ideas where I'd start were I to need such a 
functionality.  Hopefully they can at least provide a useful starting 
point...

* I've seen the kwallet-pam package.  Gentoo description:  PAM module to 
not enter KWallet password again after login.  Doesn't seem to be quite 
what you're looking for, but...  (Gentoo lists a generic kde homepage for 
the package so not a lot of further help there.)

Searching kwallet in the gentoo (plus a few overlays) package database, I 
see...

* kwalletcli   This is a CLI/scripting kwallet interface and ships with a 
number of utilities.  Works with the default wallet only.  Perhaps useful 
for hacking up your own solution, which you could then start with plasma 
using its usual startup configuration.  But this would seem to only handle 
the kde and dbus side of it; I imagine you'd still need something for the 
gnome side.  Homepage: http://www.mirbsd.org/kwalletcli.htm

* signon-kwallet-extension  "kwallet extension for signond"  Homepage: 
https://accounts-sso.gitlab.io/

That page looks to be the entry point for a family of packages with both 
qt and glib interfaces and compatible signond implementations for both gtk 
and qt.  Definitely worth further investigation if you haven't already 
found and rejected it as not what you're after.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

More information about the kde mailing list