设置并运行 pam_usb 后,当我在 SDDM 中输入密码并连接 USB 密钥时,Plasma 启动后,我看到 kwallet 未解锁。插入 USB 密钥时不会发生这种情况后我登录了。当问题出现时,我可以在日志中看到以下消息:
18 00:05:01 rocket sddm-helper[3172]: pam_kwallet(sddm:session): (null): pam_sm_open_session
18 00:05:01 rocket sddm-helper[3172]: pam_kwallet(sddm:session): pam_kwallet: open_session called without kwallet_key
18 00:05:01 rocket sddm-helper[3172]: pam_kwallet5(sddm:session): (null): pam_sm_open_session
18 00:05:01 rocket sddm-helper[3172]: pam_kwallet5(sddm:session): pam_kwallet5: open_session called without kwallet5_key
以下是相关的 pam 文件:
cat /etc/pam.d/common-auth|grep -v "^#"
auth sufficient pam_usb.so
auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
cat /etc/pam.d/sddm|grep -v "^#"
auth requisite pam_nologin.so
auth required pam_succeed_if.so user != root quiet_success
@include common-auth
-auth optional pam_gnome_keyring.so
-auth optional pam_kwallet.so
-auth optional pam_kwallet5.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session optional pam_keyinit.so force revoke
session required pam_limits.so
session required pam_loginuid.so
session required pam_systemd.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
-session optional pam_gnome_keyring.so auto_start
-session optional pam_kwallet.so auto_start
-session optional pam_kwallet5.so auto_start
@include common-password
session required pam_env.so
session required pam_env.so envfile=/etc/default/locale
如何配置 pam_usb 和 pam_kwallet(5) 以使其共存?
答案1
我没有找到比以下更好的东西:
cat /etc/pam.d/common-auth
auth sufficient pam_usb.so
@include common-auth-nousb
cat /etc/pam.d/common-auth-nousb
auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
head /etc/pam.d/sddm
#%PAM-1.0
# Block login if they are globally disabled
auth requisite pam_nologin.so
auth required pam_succeed_if.so user != root quiet_success
# auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth-nousb
# gnome_keyring breaks QProcess
-auth optional pam_gnome_keyring.so
这虽然pam-auth-update
没用,但却达到了目的:现在我可以使用插入的密钥闪存驱动器进行启动,而无需手动解锁 kwallet。