How do I make kded5 and Plasma's network manager stop trying to use KWallet?

Question

I have Ubuntu 20.04 and 22.04 machines with a persistent problem of showing an obnoxious dialog

KDE Wallet Service: The application 'kded5' has requested to open the wallet 'kdewallet'. Please enter the password for this wallet below.

that I have to swat away every time I login. This is a common problem asked about in multiple forums (e.g, 1, 2, 3, 4, 5, 6, 7), but with no clear answer. This question is specifically a follow-up to this AskUbuntu question.

In this answer to that question, 'Freeman' claims that the maintainer of kded5 has said this:

On login, networkmanager tries to connect to the wifi and therefore needs access to kwallet. org.kde.plasmanetworkmanagement is a kded module so the request comes from the kded5 process.

Assuming this is true, the source of the problem seems to be that Plasma's network manager assumes the WiFi password will be kept in a KWallet wallet, so every time I login and connect back to the WiFi, kded5 throws this modal trying to open an nonexistent wallet on the Plasma network manager's behalf.

On Gnome-based DEs, I have never encountered a problem like this, so it's natural to ask, "Since this isn't a problem on Gnome, why can't Plasma do the same thing Gnome does?" On these DEs, the network manager stores WiFi passwords in files inside the /etc/NetworkManager/system-connections/, which are root-readble only but unencrypted, so there's no need to pester the user constantly to decrypt them the way Plasma does. Indeed, this directory and files corresponding to my WiFi already exist on both computers affected by this problem, so there's no reason the network manager can't get the passwords from them instead of demanding the use of KWallet. In fact, since I have never established a KWallet wallet, and yet I'm able to connect to Wifi, I have to assume that Plasma is already getting the WiFi password from these files, making the KWallet pop-up dialog even more pointless.

So, how do I get Plasma's network manager to stop trying to retrieve WiFi passwords from KWallet?

Please note that whether KWallet is enabled or disabled is neither the problem nor the solution. The annoying dialog is being thrown by kded5, not by KWallet, and kded5 will continue to throw the dialog because it's programmed to look for a wallet regardless of whether KWallet is enabled or not. In fact, I have KWallet disabled, and I continue to have this problem.

Answer 1

I realize that you are not interested in merely dismissing or disabling the prompt for the KDE Wallet Service, but I will include it briefly below, for the sake of completeness for others.

The source of the problem could be that an application is trying to access stored credentials, and the KDE Wallet Service is doing its job by asking for the password to unlock the wallet. However, if you find this prompt annoying or unnecessary, there are a few ways to prevent it:

A1. Disable the KDE Wallet Service: You can disable the KDE Wallet Service by going to the KDE menu, typing "wallet" to show KWalletManager, going to settings, and unchecking "kwallet system active". You can also disable it by editing the kwalletrc file located in ~/.kde/share/config/ or ~/.config/, and adding the line Enabled=false under the [Wallet] section.

A2. Store WiFi password unencrypted (not recommended): If the prompt is specifically for connecting to WiFi, you can choose to store your WiFi password unencrypted. This can be done by opening your WiFi connection settings, going to the WiFi-security tab, and choosing the "store password (Non Encrypted)" option.

A3. Automatically unlock KDE Wallet on login: If your login and wallet passwords match and kwallet-pam is installed, the KDE Wallet will be unlocked automatically on login. This is generally a better solution than disabling the wallet, as it is used to store your secrets[1].

Please note that while these methods can prevent the KDE Wallet Service message from appearing, they may have implications for the security of your stored credentials. Disabling the KDE Wallet Service or storing passwords unencrypted can make your credentials more vulnerable. Therefore, it's important to consider the security implications before implementing these solutions.

To fix the issue of the KDE Wallet Service not unlocking automatically on login, you should ensure that the KDE Wallet password is the same as your user login password and that the PAM module for KDE Wallet (kwallet-pam) is correctly configured. Here are the steps to resolve the issue:

B1. Install kwallet-pam: Make sure that the kwallet-pam package is installed on your system. This package provides the necessary PAM (Pluggable Authentication Modules) integration for KDE Wallet.

B2. Ensure Passwords Match: Your user account password and the KDE Wallet password must be identical for the automatic unlocking to work.

B3. Configure PAM: Check the PAM configuration files to ensure that pam_kwallet5.so is included correctly. For example, the /etc/pam.d/sddm file should include the following lines:

auth     optional  pam_kwallet5.so
session  optional  pam_kwallet5.so auto_start

B4. Wallet Name and Encryption: The wallet should be named kdewallet (which is the default name) and use the standard blowfish encryption. kwallet-pam is not compatible with GnuPG keys.

B5. Disable Auto-Close: In KDE Wallet settings, disable the option "Close when last application stops using it" to prevent the wallet from closing after each usage.

B6. Remove Default Wallet: If you have issues after changing your password, you may need to remove the default created wallet, thus removing all stored entries, and then create a new wallet with the same password as your user account.*

B7. Reboot: After making these changes, reboot your system to ensure that the changes take effect.

If you are using autologin or a fingerprint reader for logging in, note that the wallet cannot be unlocked automatically in these cases. If you encounter a wallet prompt after every login, you may need to rename or delete the ~/.kde4/share/apps/kwallet folder.

By following these steps, KDE Wallet should unlock automatically when you log into your KDE session.

• To reset the KDE Wallet Service, you need to delete the existing wallet and create a new one. Here are the steps to do this:

C1. Open the KDE Wallet Manager: You can do this by searching for "KWalletManager" in your system's application menu or by running the command kwalletmanager5 in the terminal.

C2. Delete the existing wallet: In the KDE Wallet Manager, right-click on the wallet (usually named 'kdewallet') and select "Delete Wallet". Confirm the deletion in the pop-up window.

C3. Delete the wallet file: If the above step doesn't work, you can manually delete the wallet file. The location of this file depends on your KDE version. For older versions, the file is located at /home/<user name>/.kde/share/apps/kwallet/kdewallet.kwl. For newer versions, it's at /home/<user name>/.local/share/kwalletd/kdewallet.kwl.

C4. Create a new wallet: After deleting the old wallet, you can create a new one. In the KDE Wallet Manager, go to File > New Wallet. Follow the prompts to set a new password for your wallet.

Please note that deleting the wallet will remove all stored entries, including passwords and other secret data. Make sure to back up any important data before proceeding with these steps.