i dont know why but since i updated amarok to amarok-2.1.80-1mdv2010.0 every time i boot my system, kwallet asks me to eneter the password for amarok ! why amarok asks a password ? . Anyway i dont like this behavor, is it possible to desactivate it ?

This is needed to store the last.fm password in an encrypted way. You can deactivate the kdewallet for Amarok, just be aware that the password will be stored in clear text then.

Also, if you store all passwords with the option "allow always", you only need to enter the wallet password once when you start up the first application that uses the wallet. I use it for all passwords, and as I start Kontact on KDE start, I am asked at that moment. A big advantage as I don't have to enter all the passwords separately.

Of course this is maybe not suitable if other people can access that computer, but then one should lock the screen when going AFK anyway

There is not method to deactivate kwallet so I need to deactivate lastfm becouse this is anoing .

Add new functionalities are good but put a configuration check for compatability is costless and very useful.

You can deactivate kwallet globally using kwalletmanager. But I prefer and use encrypted passwords, so kwallet only asks for the first application accessing kwallet.

m0nk

Dieter Schroeder wrote:You can deactivate kwallet globally using kwalletmanager. But I prefer and use encrypted passwords, so kwallet only asks for the first application accessing kwallet.

m0nk

I'm not interested in deactivate kwallet globally because I store in it important data. Lastfm is not important for me an a plain text password is valid. New feature is anoing and I need to write password anytime I run Amarok.

Yes I can kwallet allways open but, this is really insecure ¿don't you think?.

Plain text passwords must be supported as KMail do. I can't see where is the difficult in the next code:

if plain_text {
use plain text
} else {
use kwallet
}

I see. So you're using plaintext on your mail account? And if you store important data in kwallet, why not store one more password.
Remember, you don't enter the password exclusively for Amarok, but for all applications using data stored in your wallet(s). And it's not insecure (closing kwallet after 10min of inactivity, when screensaver starts etc.) to keep it open.
To view the content you have to enter your masterpassword.
For me every password is important per se, but maybe I'm paranoid.

m0nk

Dieter Schroeder wrote:I see. So you're using plaintext on your mail account? And if you store important data in kwallet, why not store one more password.
Remember, you don't enter the password exclusively for Amarok, but for all applications using data stored in your wallet(s). And it's not insecure (closing kwallet after 10min of inactivity, when screensaver starts etc.) to keep it open.
To view the content you have to enter your masterpassword.
For me every password is important per se, but maybe I'm paranoid.

m0nk

Not all passwords are equal, I'm not using my real name and real information in lastfm so it's not important for me. On the other side, I store in kwallet important passwords and my real name and real info.

Store all my passwords, important and not important in kwallet, is as stupid as use a security box to store my money and my lunch. A password for this forum is not important for me so I don't store it in kwallet. On the other side, this forum remembers me so, if I login again and password is stored in kwallet the forum don't anoing me calling kwallet every time I connect it. Amarok requires my kwallet password in every launch and this is anoing. Conclusion, I deactivate my lastfm account.

Ignacio Serantes wrote:... Amarok requires my kwallet password in every launch and this is anoing. Conclusion, I deactivate my lastfm account.

No, it doesn't! Please read correctly what Dieter told you, your understanding of the way kdewallet works is wrong!

If you choose that Amarok uses kdewallet without prompting you everytime, then activate the option "Access always". Since you can configure the wallet to be opened only *once* in a KDE session, and since you are using KMail, which I guess is running by default on startup, the Wallet will be already open, so Amarok will *not* prompt you for the last.fm password every time.

It works like this since ages and does quite fine here.

I think you should read some documentation about how a wallet works ...

personaly, i desactivated lastfm too. I know that after the kwallet is open for all the session but the annoying is the window dialog on startup. I had with kopete the same "problem" and i choosed to save the password non safety to avoid this dialog on startup.

Mamarok wrote:

Ignacio Serantes wrote:... Amarok requires my kwallet password in every launch and this is anoing. Conclusion, I deactivate my lastfm account.

No, it doesn't! Please read correctly what Dieter told you, your understanding of the way kdewallet works is wrong!

If you choose that Amarok uses kdewallet without prompting you everytime, then activate the option "Access always". Since you can configure the wallet to be opened only *once* in a KDE session, and since you are using KMail, which I guess is running by default on startup, the Wallet will be already open, so Amarok will *not* prompt you for the last.fm password every time.

It works like this since ages and does quite fine here.

I think you should read some documentation about how a wallet works ...

I have important info in my Kwallet so I configure it to close five minutes after last use. I don't sure how secure is Kwallet in memory and if is has security leaks when is running and, on the other side, many times I leave my computer with kwallet always running is unconfortable for me because not always I remember to lock my session.

Well, explain my point off view in english is hard and cost less create a patch and apply to my Amarok build. Forgot my comments.

If somebody was interested in deactivate KWallet for LastFM all the code was located in src/services/lastfm/LastFMServiceConfig.cpp.

You must comment all kwallet code and Amarok works again without calling Kwallet, because the program ignored the option to store user and password on plain text and tries over and over and over and over again use Kwallet .

I don't know who write lastFM service but there is a bug with ignoreWallet configuration option.

This option is totally ignored because LastFmServiceConfig::LastFmServiceConfig() has incorrect logic.

The line

if( KWallet::Wallet::isEnabled() )

must be changed for

if( config.hasKey( "ignoreWallet" ) && ( config.readEntry( "ignoreWallet", QString() ) == "no" ) && KWallet::Wallet::isEnabled() )

or something similar. I include "config.hasKey( "ignoreWallet" )" because I don't know how to do a typecast in C.

With this change the line:

KConfigGroup config = KGlobal::config()->group( configSectionName() );

must be moved before the if.

Ignacio Serantes wrote:I'm not interested in deactivate kwallet globally because I store in it important data. Lastfm is not important for me an a plain text password is valid. New feature is anoing and I need to write password anytime I run Amarok.

Actaully, you can make it non-annoying even without removing/disabling amarok's support/need for kwallet. Okay, it's annoying the first time but after that it's seamless.

What you do is create an additonal wallet within kwallet manager, and set it to be password-less. After that, you make sure amarok (and other apps where you think a plain-text password is secure enough) uses this insecure wallet rather than the one with a strong password. Additionally, as soon as amarok tries to use this insecure wallet you tell kwallet to "Allow always".

It's possible to do, although the UI of kwallet makes it harder to accomplish than what it needs to be. I always have to experiment a bit before I remember how to do it...

Well, a secure lock always open is an interest workaround without no doubt but, I think that fixing ignoreWallet configuration option is a better solution. I cant' really understand the utility of ignoreWallet if Amarok is not ignoring KWallet.

I really can't see the technological advantage of a password less wallet over plain text password in configuration files .

Ignacio Serantes wrote:I really can't see the technological advantage of a password less wallet over plain text password in configuration files .

Well, not really no. I was thinking more along the lines of "It's possible to get the non-annoying behavhior today without patching the sources (which most people wouldn't know how to do - especially if they're using binary packages most of the time) or waiting for an update where the plain-text option may, or may not, be implemented".

Although a passwordless wallet is still encrypted when kwallet isn't running AFAIK, although in a situation where you want a plaintext option that's not likely to be a decisive matter...