Keepassxc: Pam module to auto-unlock default db with login password

Created on 17 Mar 2019 · 6 Comments · Source: keepassxreboot/keepassxc

Summary

I've seen numerous questions here and there on how to make it unlock a password db on login without providing a password manually. I personally don't like the solutions proposed (like using a password stored in gnome keyring or kwallet which unlocks on login automatically).

Desired Behavior

keepassxc should provide a pam module to unlock a "default" password db (like ~/.config/Passwords.kdbx) with the login password.

Possible Solution

kwallet-pam does exactly that for default kwallet db. Its source code can be used as a working example.

new feature

All 6 comments

Is there a PAM module that can execute arbitrary dbus commands? If so, you can just configure it to issue the dbus commands to open and unlock the database of your choosing.

@droidmonkey
Lol I was just now reading the pam_script repo :)

Great minds think alike! If you get something working we can include it as an example in our wiki.

After looking deeper into the sources: both kwallet and gnome keyring pam modules do the unlocking job on a daemon, the gui part acts on behalf of the daemon. Since keepassxc is a self-contained gui program it is not that _straightforward_ to implement unlock with pam _correctly_.

Feel free to close the issue, I'm kinda satisfied as far lol.
