Fedora: Login keyring/wallet not unlocked after login (gnome-keyring, kwallet) #92

@kavau

On Fedora, the Login keyring (GNOME) and kwallet (KDE) are not unlocked after login. Chrome and other apps using the Secret Service API prompt for the keyring password on first use.

Root cause: on Fedora, gnome-keyring and kwallet daemons are managed by systemd user units, not by the session manager. pam_gnome_keyring.so auto_start and pam_kwallet.so auto_start launch the daemon during pam_open_session(), before the compositor starts and before the D-Bus session bus exists. The session's systemd-managed daemon starts independently and cannot receive the unlock state from the PAM-launched daemon.

Journal evidence (Fedora GNOME):

  • gkr-pam: gnome-keyring-daemon started properly -- PAM module OK
  • gnome-session-service: App gnome-keyring-secrets.desktop sets X-GNOME-Autostart-Phase, but gnome-session no longer manages session services -- daemon started by systemd user unit instead
  • gnome-keyring-daemon: discover_other_daemon: 1 -- daemons find each other but unlock state is not transferred

On CachyOS (Arch-based), both GNOME/COSMIC (gnome-keyring) and KDE (kwallet) unlock correctly. On CachyOS, the session manager (gnome-session / ksmserver) still starts the wallet daemon as a session component, so it is started after the compositor and D-Bus are available, and the PAM handoff works.

GDM works on Fedora because it ensures the D-Bus session bus is available before running the PAM session.
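
A journal triage for the three messages quoted above, as an added example that is not part of the original issue or the project's code: it scans `journalctl` short-format lines and reports whether all three appear with the PAM start first. The sample lines, host name, PIDs and the `display-manager` identifier are constructed; a match only says the log shows the pattern reported here.

```python
import re

# journalctl short format: "<Mon> <day> <time> <host> <ident>[<pid>]: <message>"
LINE_RE = re.compile(
    r"^\w{3} +\d+ [\d:]+ \S+ (?P<ident>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# The three messages quoted in the issue, keyed by what each one indicates.
SIGNALS = {
    "pam_started": "gkr-pam: gnome-keyring-daemon started properly",
    "not_session_managed": "gnome-session no longer manages session services",
    "second_daemon": "discover_other_daemon: 1",
}


def triage(lines):
    """Return (first line index per signal, whether the issue's pattern is present)."""
    first_seen = {}
    for idx, line in enumerate(lines):
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue  # not a short-format journal line
        for name, needle in SIGNALS.items():
            if needle in m["msg"] and name not in first_seen:
                first_seen[name] = idx
    # Pattern from the issue: PAM starts a daemon, gnome-session reports it no
    # longer manages session services, and a later daemon discovers the first.
    matches = (
        len(first_seen) == len(SIGNALS)
        and first_seen["pam_started"] < first_seen["second_daemon"]
    )
    return first_seen, matches


# Constructed sample; "display-manager" is a hypothetical PAM caller name.
SAMPLE = [
    "Jan 01 09:00:01 fedora display-manager[1201]: gkr-pam: gnome-keyring-daemon started properly",
    "Jan 01 09:00:03 fedora gnome-session-service[1310]: App gnome-keyring-secrets.desktop sets "
    "X-GNOME-Autostart-Phase, but gnome-session no longer manages session services",
    "Jan 01 09:00:03 fedora gnome-keyring-daemon[1322]: discover_other_daemon: 1",
]

if __name__ == "__main__":
    seen, matches = triage(SAMPLE)
    print(seen, "matches issue pattern:", matches)
```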

Labels: area:daemon (Daemon core: event loop, signal handling, main.c wiring), bug (Something isn't working)