dotfiles/.memory/plans/luks-sddm-kwallet-login-integration.md at 95974224f87f847a4d35800878ef0e1eb06043fc

alex/dotfiles

Files

alex wiesner 95974224f8 chore: update opencode workflow and local config

2026-03-12 12:14:33 +00:00

title, type, permalink, tags

title

type

permalink

Goal

Configure the system so login feels unified across LUKS boot unlock, SDDM, and KWallet.

[decision] User selected Password login instead of true SDDM autologin because password login preserves KWallet PAM unlock.
[decision] User selected Just document commands instead of expanding repo scope to manage /etc files directly.
[decision] Deliverable is repo documentation with exact manual system commands/edits; no tracked /etc files will be added in this change.

Dotfiles repo contains user-space config only; system auth files live outside the repo.
Current system already references pam_kwallet5.so in /etc/pam.d/sddm and /etc/pam.d/sddm-autologin, but the module is missing and silently skipped.
kwallet-pam is available in Arch repos and should provide the current PAM module for KWallet 6.
LUKS unlock and SDDM login are independent phases; there is no direct password handoff from initramfs to SDDM.
True SDDM autologin conflicts with password-based KWallet unlock because no login password is available to PAM during autologin.

Write documentation for package install and PAM edits needed for SDDM/KWallet integration
Document wallet initialization and verification steps
Review documentation for correctness and scope alignment
Validate documented commands against current system state where possible
Check documentation coverage/placement in repo

README documents the exact package install step and the exact PAM module substitutions needed.
README explicitly states that password login is the chosen model and true SDDM autologin is not part of this setup.
README includes KWallet initialization and verification steps suitable for this Arch + Hyprland + SDDM setup.
Reviewer/tester/librarian passes are recorded before completion.