Registered Member
|
There should be an option to open KWallet automatically after the login.
Typing my password twice every time I log in is a bit frustrating. GNOME's keyring does this by default if your password is the same as your login password.
Last edited by murrayy on Fri Mar 27, 2009 3:17 am, edited 1 time in total.
|
Registered Member
|
No, it should not. You should have different passwords for KWallet. And there are even more reasons to have different wallets for local and remote accounts. The KWallet idea is not just to be one place to store the login information and automatically push it to applications/webpages when needed, but to offer more security measures to secure your computer usage. I have four different passwords for just the computer usage: my account, my KWallet local, KWallet remote and root password, plus different passwords for my network devices, cellphones, server services. On every webpage I have a different password and usually even different login names if possible, to separate them from the nickname. It is unwise to have a system that would open all the passwords for your emails, servers, websites etc. if another user just knows your login password.
Registered Member
|
This is called "single sign on" and was originally one of the goals for KDE 4, but somehow seems to have gotten lost on the way. Google for "KDE 4 single sign on" and you'll find a lot of discussions, bug reports (wishlist) or even pages on the KDE wiki concerning this.
|
Registered Member
|
I have no important passwords in my wallet and no one has access to my computer. And I have a strong login password. For users like me there should be an option, disabled by default.
Registered Member
|
Sure, but in a way I think some KDE apps rely too heavily on KWallet. Personally, I don't feel like I need KWallet. Why? Because I keep everything encrypted (double encryption too... /home is encrypted and some really sensitive documents are locked away in a file-based container) anyway and have a strong password. If a potential cracker/thief has incentive enough to circumvent both password and disk encryption, I probably have bigger things to worry about than whether they have access to my KWallet as well... And yet I keep KWallet enabled because some programs work better with it enabled. Kmess used to be that way for example, as did Bilbo Blogger and, last time I tried, choqok. That being said, I think the UI of KWallet needs some TLC...
OpenSUSE 11.4, 64-bit with KDE 4.6.4
Proud to be a member of KDE forums since 2008-Oct.
Registered Member
|
I agree with murrayy
KDE Developer
|
Just don't set a password and it will open without asking.
Registered Member
|
I agree with this and generally just set my password blank for convenience, but surely that means that it is stored unencrypted, when storing it with the original login details would at least provide some protection from people who somehow manage to get remote SSH access. All the same I am going to upvote this.
|
Registered Member
|
Greetings all,
Would it be possible to do it the other way, i.e., when the user logs in:
- Use the provided password to try to open the user's KWallet;
- Check whether the KWallet contains the user's password;
- Use it to log the user in;
- Otherwise fall back on the standard method.
Just an idea anyway. What I like about this idea is that it gives the user the freedom to choose between logging in with their usual password, and their KWallet password. If they don't like KWallet and don't want to use it the system still works as usual for them. The drawback is that for the user to make use of this system, they'll have to put their account's password in KWallet. Well, this is only a drawback as far as you don't trust KWallet, I suppose. Thoughts? Is it even possible to query KWallet from within KDM, before the user is logged in?
Registered Member
|
There could be a configuration for a single wallet to make it use 'single signon behavior'. Then the user could choose to put non-important passwords in that wallet, and more important passwords in another safer wallet.
|
Registered Member
|
Yes, but then my passwords won't be encrypted at all. I don't need my passwords secure when I'm sitting in front of my computer, but when I'm away, and someone steals my computer, or, more likely, my laptop, they'll get my passwords too easily.
I like that idea too!
Last edited by murrayy on Thu Mar 26, 2009 8:50 pm, edited 1 time in total.
|
Registered Member
|
You can set an empty password, then KWallet will not annoy you anymore. Perhaps not the most secure method but it's the way I do it and everything's fine.
|
Registered Member
|
There actually is a PAM module written to automatically open the wallet, at least in the openSUSE repos. Haven't tried it; dunno if it works for KDE4. I suspect that it will require the wallet to have the same password as login.
|
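Added example, not from the thread and not KWallet's or the PAM module's code: a Python sketch of the trade-off raised above, where a wallet sealed under a key derived from the login password opens at login without a second prompt yet stays encrypted on disk, while a blank-password wallet opens for anyone holding the file. The file layout, `ITERATIONS`, all function names and the SHA-256 keystream (a standard-library stand-in for a real cipher) are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 100_000  # assumed work factor for this sketch


def _keys(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the password into separate encryption and MAC keys."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHA-256 in counter mode: a stdlib stand-in for a real cipher (e.g. AES).
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_wallet(password: str, entries: bytes) -> bytes:
    """Encrypt and authenticate the wallet under a password-derived key."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    body = salt + nonce + _xor_stream(enc_key, nonce, entries)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_wallet(password: str, blob: bytes) -> Optional[bytes]:
    """Return the entries, or None if the password does not fit the file."""
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, ciphertext = body[:16], body[16:32], body[32:]
    enc_key, mac_key = _keys(password, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        return None
    return _xor_stream(enc_key, nonce, ciphertext)


def unlock_at_login(login_password: str, blob: bytes) -> Optional[bytes]:
    """Login-time hook (hypothetical): reuse the password that was just typed."""
    return open_wallet(login_password, blob)


ENTRIES = b"imap.example.org:alice:constructed-secret"  # constructed sample data
```

A wallet sealed with a separate wallet password makes `unlock_at_login` return `None`, which is the case where the second prompt is still needed.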
Registered Member
|
That's why you need to have different passwords for your login and your KWallet. You need to have different passwords (at least the password, better if the username too!) on different websites. Using only one is very stupid, even more stupid if the user has a laptop! The KWallet idea is to store all the different logins/passwords behind one master password, which needs to be entered after you log in to your computer. Your account username and password are usually the easiest to crack because the account is usually secured with a password common to you. The username is usually the first name of the user. This is the default, and not many change the username to something else like "h4ck3r" and the password to include a-z, A-Z, 0-9 and !-? special characters. If a user has one password for login and KWallet, they are most likely to have the same password and username for different websites. And KWallet cannot do its job if the user has the same password/login name in most/all places. Using different passwords/login names is one of the crucial security lessons that users need to learn. And this is ruined by sudo and other similar ideas where the user has one password + login name for different places. A thief/cracker only needs to know those from one place (of many) and they have access to all. If the user has different usernames/passwords, the thief/cracker can access only one place. What is the point of having KWallet if you can get access to all sites just by knowing the login name and password? _nothing_!
Well, that is one idea, but why not just set KWallet to close the wallet only when the screensaver starts? You only need to type the KWallet password once, and when you leave the computer, just lock it with Ctrl+Alt+L or from the menu! KWallet has a few security problems; for example, it should block applications from opening when the wallet is closed. For instance, when you use KWallet to store KMail account passwords, you do not need to type a password to get access to emails. You can read what has been received or sent, and that is usually enough. This is a bad thing when you allow another person to use your computer but close the wallet so she/he cannot access the personal files. (This could be fixed by including encryption capabilities in KWallet too, so it would allow Kleopatra to encrypt mailboxes and decrypt them when opening, more like its own container with fast access.) Many families have one computer, and it is sometimes used for a short time by someone else, like someone who wants to read their webmail or check when the bus is leaving. A guest account is "too difficult" (best option!) to use, but it would still be nice to lock the stuff that KWallet protects. This means that KWallet should a) encrypt/decrypt files (emails etc.), b) store multiple logins for websites and c) hide usernames on websites if they are stored in KWallet and the wallet is closed. This way you would get an empty login box if the wallet is closed, and if it is open, you get a list of usernames.
Registered Member
|
I don't get it. What's the problem if my login password is secure enough?
|