--- title: luks-sddm-kwallet-login-integration type: note permalink: dotfiles/plans/luks-sddm-kwallet-login-integration tags: - auth - sddm - kwallet - luks --- # LUKS / SDDM / KWallet login integration ## Goal Configure the system so login feels unified across LUKS boot unlock, SDDM, and KWallet. ## Clarified scope - [decision] User selected **Password login** instead of true SDDM autologin because password login preserves KWallet PAM unlock. - [decision] User selected **Just document commands** instead of expanding repo scope to manage `/etc` files directly. - [decision] Deliverable is repo documentation with exact manual system commands/edits; no tracked `/etc` files will be added in this change. ## Discovery - Dotfiles repo contains user-space config only; system auth files live outside the repo. - Current system already references `pam_kwallet5.so` in `/etc/pam.d/sddm` and `/etc/pam.d/sddm-autologin`, but the module is missing and silently skipped. - `kwallet-pam` is available in Arch repos and should provide the current PAM module for KWallet 6. - LUKS unlock and SDDM login are independent phases; there is no direct password handoff from initramfs to SDDM. - True SDDM autologin conflicts with password-based KWallet unlock because no login password is available to PAM during autologin. ## Tasks - [ ] Write documentation for package install and PAM edits needed for SDDM/KWallet integration - [ ] Document wallet initialization and verification steps - [ ] Review documentation for correctness and scope alignment - [ ] Validate documented commands against current system state where possible - [ ] Check documentation coverage/placement in repo ## Acceptance criteria - README documents the exact package install step and the exact PAM module substitutions needed. - README explicitly states that password login is the chosen model and true SDDM autologin is not part of this setup. - README includes KWallet initialization and verification steps suitable for this Arch + Hyprland + SDDM setup. - Reviewer/tester/librarian passes are recorded before completion. ## Workstream - Single workstream in the main repo working tree.