Commit b0ac7bbd authored by David Edmundson's avatar David Edmundson

Add readme explaining how kwallet-pam works

Summary:
I wasted too long before starting some hacking, I want
to make it easier for the next person

Test Plan: N/A

Reviewers: #plasma, apol

Reviewed By: apol

Subscribers: apol, plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D20081
parent b8eb3bd3
How kwallet-pam works:
During the pam "auth" (pam_authenticate) stage the module gets the password in plain text.
It hashes it against a random salt previously generated by kwallet of random data and keeps it in memory.
When we get to the "session" (pam_open_session) stage the pam module forks and launches kwalletd as the user with file descriptor AND a socket.
We send the salted password over the file descriptor after forking and write the socket address to an env variable.
KWalletd recieves the pre-hashed key and then sits there doing nothing. (before the QApplication constructor)
Later after session startup (autostart apps phase 0) a small script passes the newly set environment from the user session to kwalletd over the socket.
kwalletd receives this, sets the environment variables and continues into the normal bootup.
The session env is needed as if we launch pre session various important env vars are not set and kwalletd is a graphical app.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment