I noticed that NetworkManager stopped storing WiFi passwords in Kwallet, not sure why. How can I enable it back? For example when I add a new connection and type in the key, Network Manager doesn't request any authorization to store it in Kwallet (and I didn't give one before either).

It's Debian testing, KDE 4.14.1.

Have the settings in systemsettings - account details - kwallet changed at all?

I don't think I changed that lately. Also, KDE Wallet Manager shows no stored passwords in "Network Management".

Current settings:

Enable KDE wallet subsystem (enabled)
Select wallet to use as default: kdewallet
Different wallet for local passwords (disabled)

There is also some exclamation mark on the wallet icon there, not sure why.

I believe this may be related to changes in how NetworkManager works - it now stores all the details itself rather than relying on desktop clients to store details for it.

bcooksley wrote:I believe this may be related to changes in how NetworkManager works - it now stores all the details itself rather than relying on desktop clients to store details for it.

I see. But how does it store them exactly? Are they left insecure?

They are stored in a system wide location I believe, and will likely only be readable by root (which NetworkManager runs as). I'm not familiar with the specifics of how they're stored unfortunately.

bcooksley wrote:They are stored in a system wide location I believe, and will likely only be readable by root (which NetworkManager runs as). I'm not familiar with the specifics of how they're stored unfortunately.

I'll try to find out. It sounds to me that if they aren't encrypted - it's a major regression from the previous functionality.

I noticed the following difference. When NetworkManager connection has this option disabled: "Connection name > General Configuration > All users may connect to this network" and my user is added to the list of allowed users, then NetworkManager does save the password in Kwallet and doesn't connect until it's authenticated (however it doesn't connect then when I log in from tty, so it's a bad option really, since I can't do anything for example if Xorg doesn't work, and I'm not sure how to authenticate it from nmcli).

When "All users may connect to this network" is enabled, then NetworkManager doesn't store WiFi password in KWallet and also it connects when you log in in tty. I'd still prefer passwords to be encrypted in the second case though...

That sounds about right - in order for all users to be able to use the connection the details must be stored in a system wide location.
There is nothing KDE can do to encrypt them - NetworkManager would have to do this itself (and it would be sort of pointless in any case, as all users would have to have the relevant password to decrypt them then).

bcooksley wrote:That sounds about right - in order for all users to be able to use the connection the details must be stored in a system wide location.
There is nothing KDE can do to encrypt them - NetworkManager would have to do this itself (and it would be sort of pointless in any case, as all users would have to have the relevant password to decrypt them then).

That's fine. But is there some way to authenticate NetworkManager with Kwallet when you are in a pure tty mode? I can access nmcli, but it obviously fails to connect.

Unfortunately not - the only way would be to get kded4 running, which is what hosts the KDE Network Management component.
Using it would make nmcli unusable though, and you need a X server running for kded4 to function.