sddm + pam_kwallet5 + pam_usb = “open_session 调用时未使用 kwallet5_key”

sddm + pam_kwallet5 + pam_usb = “open_session 调用时未使用 kwallet5_key”

设置并运行 pam_usb 后,当我在 SDDM 中输入密码并连接 USB 密钥时,Plasma 启动后,我看到 kwallet 未解锁。插入 USB 密钥时不会发生这种情况我登录了。当问题出现时,我可以在日志中看到以下消息:

18 00:05:01 rocket sddm-helper[3172]: pam_kwallet(sddm:session): (null): pam_sm_open_session
18 00:05:01 rocket sddm-helper[3172]: pam_kwallet(sddm:session): pam_kwallet: open_session called without kwallet_key
18 00:05:01 rocket sddm-helper[3172]: pam_kwallet5(sddm:session): (null): pam_sm_open_session
18 00:05:01 rocket sddm-helper[3172]: pam_kwallet5(sddm:session): pam_kwallet5: open_session called without kwallet5_key

以下是相关的 pam 文件:

cat /etc/pam.d/common-auth|grep -v "^#"

auth    sufficient      pam_usb.so
auth    [success=1 default=ignore]      pam_unix.so nullok_secure try_first_pass
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so

cat /etc/pam.d/sddm|grep -v "^#"

auth    requisite       pam_nologin.so
auth    required        pam_succeed_if.so user != root quiet_success

@include common-auth
-auth   optional        pam_gnome_keyring.so
-auth   optional        pam_kwallet.so
-auth   optional        pam_kwallet5.so

@include common-account

session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session optional        pam_keyinit.so force revoke
session required        pam_limits.so
session required        pam_loginuid.so
session required        pam_systemd.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
-session optional       pam_gnome_keyring.so auto_start
-session optional       pam_kwallet.so auto_start
-session optional       pam_kwallet5.so auto_start

@include common-password


session required        pam_env.so

session required        pam_env.so envfile=/etc/default/locale

如何配置 pam_usb 和 pam_kwallet(5) 以使其共存?

答案1

我没有找到比以下更好的东西:

cat /etc/pam.d/common-auth

auth sufficient pam_usb.so
@include common-auth-nousb

cat /etc/pam.d/common-auth-nousb

auth    [success=1 default=ignore]      pam_unix.so nullok_secure try_first_pass
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so

head /etc/pam.d/sddm

#%PAM-1.0

# Block login if they are globally disabled
auth    requisite       pam_nologin.so
auth    required        pam_succeed_if.so user != root quiet_success

# auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth-nousb
# gnome_keyring breaks QProcess
-auth   optional        pam_gnome_keyring.so

这虽然pam-auth-update没用,但却达到了目的:现在我可以使用插入的密钥闪存驱动器进行启动,而无需手动解锁 kwallet。

相关内容