Re: Kmail without kdewallet?
On Monday, 2017-09-18, 22:53:01, cr wrote: > On Monday, 18 September 2017 12:11:57 PM NZST Kevin Krammer wrote: > > On Wednesday, 2017-09-06, 23:58:24, cr wrote: > > > I'm running Kmail 5.2.3 and kdewallet under Debian 9. Can I safely > > > uninstall kdewallet? (Kmail is the only program I run that uses it). > > > > > > Reason is, I usually start Kmail on my server via ssh from some laptop > > > or > > > other. If I go to fetch mail from my ISP, Kmail opens a box for my > > > ISP's > > > mail password (the same as my previous installation of Kmail 4 did). > > > However, IF I've previously logged in to my server, kdewallet opens a > > > box > > > for its password on the server instead, which is a nuisance (and much > > > bafflement before I accidentally found this out). > > > > One option would be to authorize access to KWallet through the login > > procedure itself. > > > > There is a package for the kwallet PAM integration, which unlocks the > > wallet on login with the credentials provided to the login process. > > > > I've been using that (libpam-kwallet5) since I've switched to Plasma 5. > > > > Requires the wallet to have the same password as for login but very > > convenient to have it automatically unlocked at the begin of a session. > > > > Cheers, > > Kevin > > I may have managed to solve it by similar means. > > I reluctantly (in case it did something else horrible) installed Kwallet > Manager, and set the Kwallet password to blank (the mail password inside > Kwallet is still correct). And now Kmail goes and fetches mail without > opening a Kwallet password box and without asking for the mail password. > > This is on my server, hopefully it will still work that way next time I ssh > in. > > (I know it's a 'security hole' but only exactly the same, I think, as having > kwallet share my login password. Which it already did anyway, as it > happened...) Similar but not the same. Having an empty password only requires read access to the file, unlocking with PAM requires the system to run and the password to be provided through the system's login process. A bit like with hard disc encryption: once the system is unlocked and running the processes have access to the data. If the system is not running or the encyrption has not been unlocked then there is no access. Cheers, Kevin -- Kevin Krammer, KDE developer, xdg-utils developer KDE user support, developer mentoring signature.asc Description: This is a digitally signed message part.
Re: Kmail without kdewallet?
On Monday, 18 September 2017 12:11:57 PM NZST Kevin Krammer wrote: > On Wednesday, 2017-09-06, 23:58:24, cr wrote: > > I'm running Kmail 5.2.3 and kdewallet under Debian 9. Can I safely > > uninstall kdewallet? (Kmail is the only program I run that uses it). > > > > Reason is, I usually start Kmail on my server via ssh from some laptop or > > other. If I go to fetch mail from my ISP, Kmail opens a box for my ISP's > > mail password (the same as my previous installation of Kmail 4 did). > > However, IF I've previously logged in to my server, kdewallet opens a box > > for its password on the server instead, which is a nuisance (and much > > bafflement before I accidentally found this out). > > One option would be to authorize access to KWallet through the login > procedure itself. > > There is a package for the kwallet PAM integration, which unlocks the wallet > on login with the credentials provided to the login process. > > I've been using that (libpam-kwallet5) since I've switched to Plasma 5. > > Requires the wallet to have the same password as for login but very > convenient to have it automatically unlocked at the begin of a session. > > Cheers, > Kevin I may have managed to solve it by similar means. I reluctantly (in case it did something else horrible) installed Kwallet Manager, and set the Kwallet password to blank (the mail password inside Kwallet is still correct). And now Kmail goes and fetches mail without opening a Kwallet password box and without asking for the mail password. This is on my server, hopefully it will still work that way next time I ssh in. (I know it's a 'security hole' but only exactly the same, I think, as having kwallet share my login password. Which it already did anyway, as it happened...) Chris
Re: Kmail without kdewallet?
On Wednesday, 2017-09-06, 23:58:24, cr wrote: > I'm running Kmail 5.2.3 and kdewallet under Debian 9. Can I safely > uninstall kdewallet? (Kmail is the only program I run that uses it). > > Reason is, I usually start Kmail on my server via ssh from some laptop or > other. If I go to fetch mail from my ISP, Kmail opens a box for my ISP's > mail password (the same as my previous installation of Kmail 4 did). > However, IF I've previously logged in to my server, kdewallet opens a box > for its password on the server instead, which is a nuisance (and much > bafflement before I accidentally found this out). One option would be to authorize access to KWallet through the login procedure itself. There is a package for the kwallet PAM integration, which unlocks the wallet on login with the credentials provided to the login process. I've been using that (libpam-kwallet5) since I've switched to Plasma 5. Requires the wallet to have the same password as for login but very convenient to have it automatically unlocked at the begin of a session. Cheers, Kevin -- Kevin Krammer, KDE developer, xdg-utils developer KDE user support, developer mentoring signature.asc Description: This is a digitally signed message part.
Re: Kmail without kdewallet?
On Thursday, 7 September 2017 10:09:08 AM NZST René J.V. Bertin wrote: > On Thursday September 07 2017 19:35:58 cr wrote: > >I installed Debian 9 on my server and it came with kmail 5. I use mostly > >Gnome apps, currently with LXDE desktop, Kmail's the only kde program I run > >aside from k3b.And it really is 'kdewallet'. > > kdewallet is the default name for the wallet file that kwallet will create > for you unless told to do otherwise. The software is split in 2 projects: > the KWallet framework and the kwalletmanager utility to interact with it. > I'd be surprised if Debian deviated from their habits used "kdewallet" in > their package names. > >At some point I think I will try uninstalling kdewallet and see what > >breaks... > You could probably figure out how to not USE the kwallet service - KDE PIM4 > has a fallback in which it stores passwords in hardly encrypted form in its > own config (rc) files when kwallet isn't functioning. I never managed to > get it to ask once (per session) for each email password and then cache > that in memory, like you can with Thunderbird. > > I strongly doubt that you can uninstall the kwallet framework; that's a > shared library and dependency for probably every PIM component that needs > to be able to authenticate. Remove the library and all those components > will refuse to launch. > > R. Yes it's kwallet... I suspect you're right. I just ran Synaptic and when I ticked 'uninstall' for a kwallet lib file, it wanted to uninstall kmail and akonadi too... It appears that, if I log in on my server, kwallet activates and lurks and when I subsequently launch kmail (ssh'd from a remote laptop) kwallet opens a dialog box ON THE SERVER for its password. Frustrating when I'm not on the server... If I have NOT previously logged in on the server, then kmail opens its own box on the laptop for my ISP's password which it remembers for the rest of that session. Which is good. So obviously kmail can function without kwallet if it has to, I just can't find an option to force it to. So now I just have to find a way to kill kwallet dead without actually uninstalling it... (I never use it for anything else) Chris Rodliffe
