
Auto-unlocking gnome-keyring does not work when using pam_sss

0 votes
1 answer
510 views
The Gnome Keyrings "Login" and "Default" are not unlocked automatically on my Linux Mint 22 machine. This is an LDAP user account and login goes through pam_sss.so (SSSD). The journal seems to indicate that pam_gnome_keyring.so does not receive the entered password (`gkr-pam: no password is available for user`), but I do not understand why:
```
$ sudo journalctl -b | egrep -i 'keyring|pam'
Okt 11 17:24:16 promoter lightdm: gkr-pam: gnome-keyring-daemon started properly
Okt 11 17:24:17 promoter lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "fritz"
Okt 11 17:24:22 promoter lightdm: pam_sss(lightdm:auth): authentication success; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=fritz
Okt 11 17:24:22 promoter lightdm: gkr-pam: no password is available for user
Okt 11 17:24:22 promoter lightdm: pam_unix(lightdm:session): session opened for user fritz(uid=30108) by (uid=0)
Okt 11 17:24:22 promoter lightdm: gkr-pam: gnome-keyring-daemon started properly
```
Here's the (hopefully) relevant sections of my PAM auth config. I could provide more, but I don't think that common-account, common-session, and common-password are relevant to this question:
```
$ cat /etc/pam.d/lightdm
#%PAM-1.0
auth    requisite       pam_nologin.so
auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
-auth    optional        pam_gnome_keyring.so
-auth    optional        pam_kwallet.so
-auth    optional        pam_kwallet5.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
#session required        pam_loginuid.so
session required        pam_limits.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
-session optional        pam_gnome_keyring.so auto_start
-session optional        pam_kwallet.so auto_start
-session optional        pam_kwallet5.so auto_start
session required        pam_env.so readenv=1
session required        pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale
@include common-password
```
```
$ cat /etc/pam.d/common-auth
# here are the per-package modules (the "Primary" block)
auth	[success=2 default=ignore]	pam_sss.so
auth	[success=1 default=ignore]	pam_unix.so nullok
# here's the fallback if no module succeeds
auth	requisite			pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth	required			pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth	required	pam_ecryptfs.so unwrap
auth	optional			pam_cap.so
# end of pam-auth-update config
```
###### Further observations:

* The journal message `gkr-pam: no password is available for user` also appears when unlocking the screensaver from source cinnamon-screensaver-pam-helper.
Asked by Fritz (748 rep)
Oct 14, 2024, 08:36 AM
Last activity: Jun 24, 2025, 11:53 AM
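
An added example, not part of the original post: a small model of the posted auth stack that walks the `success=N` jumps to show which modules run before `pam_gnome_keyring.so` on each login path. The simplified control handling, the `LDAP_LOGIN`/`LOCAL_LOGIN` sets and the `forward_pass` rule (taken from pam_sss(8)) are assumptions of this example.

```python
import re

# Auth lines from the question's /etc/pam.d/lightdm with "@include common-auth"
# expanded inline (constructed from the two files shown in the post).
AUTH_STACK = """\
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
auth [success=2 default=ignore] pam_sss.so
auth [success=1 default=ignore] pam_unix.so nullok
auth requisite pam_deny.so
auth required pam_permit.so
auth required pam_ecryptfs.so unwrap
auth optional pam_cap.so
-auth optional pam_gnome_keyring.so
"""

def parse(stack):
    """Return [(control, module, args)] for each auth line."""
    pat = re.compile(r"-?auth\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")
    return [(m[1], m[2], m[3].split())
            for m in map(pat.match, stack.splitlines()) if m]

def walk(entries, succeeds):
    """Modules PAM calls, in order, when only `succeeds` return PAM_SUCCESS.
    Simplified model: sufficient, requisite and success=N jumps only."""
    ran, i = [], 0
    while i < len(entries):
        control, module, args = entries[i]
        ok = module in succeeds
        ran.append((module, args))
        if (ok and control == "sufficient") or (not ok and control == "requisite"):
            break
        jump = re.search(r"success=(\d+)", control)
        i += 1 + (int(jump[1]) if ok and jump else 0)
    return ran

def keyring_gets_password(entries, succeeds):
    """Assumption (pam_sss(8), pam_unix(8)): pam_unix leaves the typed password
    in PAM_AUTHTOK; pam_sss does so only when given forward_pass."""
    for module, args in walk(entries, succeeds):
        if module == "pam_gnome_keyring.so":
            return False
        if module == "pam_unix.so" or (module == "pam_sss.so" and "forward_pass" in args):
            return True
    return False

LDAP_LOGIN = {"pam_nologin.so", "pam_sss.so"}    # path seen in the journal
LOCAL_LOGIN = {"pam_nologin.so", "pam_unix.so"}  # hypothetical local account
```

On the LDAP path `pam_sss.so` succeeds and jumps over `pam_unix.so`, so under the stated assumption nothing has stored the password by the time `pam_gnome_keyring.so` runs.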