How to edit /etc/pam.d/sddm to unlock gnome-keyring at login

aliquo93

New Member
Joined
Jan 20, 2021
Messages
11
Reaction score
2
Credits
104
Hi, I have Mailspring on Kubuntu 21.04, but every time I open it a popup appears asking the keyring password. After some research I found that the issue is that SDDM doesn't automatically unlock gnome-keyring at login (even with auto-login disabled), but it can be fixed by editing "/etc/pam.d/sddm" configuration file. I also know that editing that file wrongly can lock you out of your system, so I want to do it after being sure of what I am doing. This is the content of my sddm configuration file:

Code:
#%PAM-1.0

# Block login if they are globally disabled
auth    requisite       pam_nologin.so
auth    required        pam_succeed_if.so user != root quiet_success

# auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
# gnome_keyring breaks QProcess
-auth   optional        pam_gnome_keyring.so
-auth   optional        pam_kwallet5.so

@include common-account

# SELinux needs to be the first session rule.  This ensures that any
# lingering context has been cleared.  Without this it is possible that a
# module could execute code in the wrong domain.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
# Create a new session keyring.
session optional        pam_keyinit.so force revoke
session required        pam_limits.so
session required        pam_loginuid.so
@include common-session
# SELinux needs to intervene at login time to ensure that the process starts
# in the proper default security context.  Only sessions which are intended
# to run in the user's context should be run after this.
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
-session optional       pam_gnome_keyring.so auto_start
-session optional       pam_kwallet5.so auto_start

@include common-password

# From the pam_env man page
# Since setting of PAM environment variables can have side effects to other modules, this module should be the last one on the stack.

# Load environment from /etc/environment
session required        pam_env.so

# Load environment from /etc/default/locale and ~/.pam_environment
session required        pam_env.so envfile=/etc/default/locale user_readenv=1

I see that gnome-keyring is already mentioned in 2 lines:

Code:
-auth   optional        pam_gnome_keyring.so

and

Code:
-session optional       pam_gnome_keyring.so auto_start

How can I edit it to make it unlock gnome-keyring at login? I just have to remove the "-" before those 2 lines or there is something else I have to do? Thanks in advance!
 


From what little I understand that is, even with PAM starting it at login, you still have to add a line for it to ~/.xprofile or a similar script that's running at start-up of your desktop. In order for the gnome keyring to login and gnome keyring has 3 rings to unlock secrets, ssh, and pkcs11 which is usually located here /etc/xdg/autostart/ but I do believe manipulating it will probably cause the daemon to crash. My advice would be not to do it.
 
You can:
1. Type, and confirm a password.
2. Ignore; don’t enter any password and hit continue instead, it'll warn you about that, hit continue again. This way, the keyring will have no password and will remain unlocked all the time, so it won't ask you for a password.
 


Top