Hello everyone!
I daily drive a Nobara install with my main drive being an LUKS encrypted M.2 drive. Every time I boot my computer I get presented with the password prompt to unlock the drive and afterwards get prompted with my login manager to login.
Is there any way to combine these steps into a single prompt? It is starting to get a bit annoying having two steps every time I boot.
You must log in or # to comment.
Several Display Managers support auto login. For example :
Thank you very much. The DM setting where shuffled a bit in Plasma 6, but I managed to find it under SDDM > Behaviour.
Be aware that kwallet will require you to enter your password if you auto-login. Kwallet usually saves your passwords for wifi etc. That’s why auto-login with KDE doesn’t make much of a difference in most use cases
This is fine for my use case. I don run wifi on my gaming rig but I guess I’ll see if any other things prompt me for password after logging in next time.
Edit: Nope, I have no clue what is even possibly stored in Kwallet, if anything, but it still pops up and requests password. Ironically i went from typing my password 2 times to 3 times by enabling auto-login. I know have to unlock the keyring once I login, and then unlock Kwallet once I try to launch Discord. We love it.
It’s fairly common for apps to save login information in Kwallet on your keyring, so anytime those credentials on your keyring need to be accessed (like automatically logging into Discord when it starts), you will need to unlock your keyring. It’s generally easier to just log into your profile with a password, as Kwallet won’t need to get you to unlock it separately.
Can you configure KWallet with no password? Often you can do something like set an empty password and it will auto-decrypt with no prompt.
This may be undesirable as apps running in your user can access what is in KWallet but honestly this is probably the case anyways. If you are running unsandboxed untrusted applications you have already lost.
I tried to do this a while ago with a GNOME system, setting GDM to automatically log me in, but I ended up always getting prompted for my password from gnome-keyring shortly after logging in which seemed to defeat the point. If you use GNOME, you might want to look at ArchWiki’s gnome-keyring page which describes a couple solutions to this problem (under the PAM section) which should be applicable on any systemd distro.
Don’t automatically unencrypt. Auto login is fine though, but you’ll need to search for how to do it in your display manager. For example in sddm. If you have multiple users, use passwordless login instead.
No, auto-unencrypting sounds like it would defeat the entire point of an encrypted drive to begin with. I’m only using auto login.
deleted by creator
Another approach entirely is to use pam_mount(8) which can automatically mount a disc on login. I use it to mount /home/$USER (obviously this couldn’t be used to mount the root fs !!)
On NixOS I did this:
services.displayManager.autoLogin = { enable = true; user = "kevincox"; }; # Avoid setting up a keyring every time I do a non-auto login. # https://gitlab.gnome.org/GNOME/seahorse/-/issues/159 security.pam.services.login.enableGnomeKeyring = lib.mkForce false;
