[SOLVED] Cannot unlock gnome "login" keyring on login. | Arch Linux Community | Page 1

sour fulcrum Apr 29, 2026, 11:26 AM

#

Hey, im using ly as my login manager/greeter/display manager. Default config in /etc/pam.d/ly:

#%PAM-1.0

auth       include      login
-auth      optional     pam_gnome_keyring.so
-auth      optional     pam_kwallet5.so

account    include      login

password   include      login
-password  optional     pam_gnome_keyring.so use_authtok

-session   optional     pam_systemd.so       class=greeter
-session   optional     pam_elogind.so
session    include      login
-session   optional     pam_gnome_keyring.so auto_start
-session   optional     pam_kwallet5.so      auto_start

should support this already.

i also have /etc/pam.d/passwd as:

#%PAM-1.0
auth        include        system-auth
account        include        system-auth
password    include        system-auth
password    optional    pam_gnome_keyring.so

so the password of the login keyring is in sync with my password of the user.

keyrings:

.local/share/keyrings
├── default
└── login.keyring

default:

login

login.keyring

[keyring]
display-name=Login
ctime=0
mtime=1777293315
lock-on-idle=false
lock-after=false

[2]
item-type=0
...
<redacted>

currently without passwd to show the keyring in plain text

#

Cannot unlock gnome "login" keyring on login.

#

im also using hyprland so maybe its a session management thing? maybe i need to start a diffrent systemd unit?

sonic mortar Apr 29, 2026, 12:06 PM

#

sour fulcrum im also using hyprland so maybe its a session management thing? maybe i need to ...

After login check

echo $XDG_RUNTIME_DIR
echo $DBUS_SESSION_BUS_ADDRESS
ps aux | grep keyring
```??

sour fulcrum Apr 29, 2026, 12:18 PM

#

$: echo $XDG_RUNTIME_DIR
>> /run/user/1000

$: echo $DBUS_SESSION_BUS_ADDRESS
>> unix:path=/run/user/1000/bus

$: ps aux | grep keyring
>> <username>      1028  0.0  0.0 183164  9812 ?        SLsl 13:43   0:00 /usr/bin/gnome-keyring-daemon --foreground --components=pkcs11,secrets --control-directory=/run/user/1000/keyring
<username>      7964  0.0  0.0   6996  4324 pts/4    S+   14:17   0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn --exclude-dir=.idea --exclude-dir=.tox --exclude-dir=.venv --exclude-dir=venv keyring

sonic mortar Apr 29, 2026, 12:41 PM

#

sour fulcrum ``` $: echo $XDG_RUNTIME_DIR >> /run/user/1000 ``` ``` $: echo $DBUS_SESSION_BU...

Test secret-tool lookup test test??

sour fulcrum Apr 29, 2026, 12:44 PM

#

no output

#

passwd[15065]: pam_unix(passwd:chauthtok): password changed for <username>
passwd[15065]: gkr-pam: changed password for login keyring

if i change my passwd it also changed the gkr password

#

so thats working

#

due to bitwarden on startup i immediately get:

#

(systemd)[1010]: pam_unix(systemd-user:session): session opened for user <username>(uid=1000) by <username>(uid=0)
systemd[1010]: Listening on GNOME Keyring daemon.
ly-dm[951]: pam_unix(ly:session): session opened for user <username>(uid=1000) by <username>(uid=0)
systemd[1010]: Started GNOME Keyring daemon.
gnome-keyring-daemon[1032]: GNOME_KEYRING_CONTROL=/run/user/1000/keyring
ly-dm[951]: gkr-pam: couldn't unlock the login keyring.
ly-dm[951]: gkr-pam: couldn't unlock the login keyring.
systemd[1010]: Starting Portal service (GTK/GNOME implementation)...
systemd[1010]: Started Portal service (GTK/GNOME implementation).

journalctl logs of interest:

#

it tries to unlock it twice because i have it in pam.d/login and pam.d/ly

#

but if i reset my pam.d/login it still doesnt work. it just prints it once

sour fulcrum Apr 30, 2026, 6:20 AM

#

fixed it. my system-auth contained fprint-grosshack which consumed my password.

#[SOLVED] Cannot unlock gnome "login" keyring on login.