Web lists-archives.com

Re: Kmail without kdewallet?




On Monday, 2017-09-18, 22:53:01, cr wrote:
> On Monday, 18 September 2017 12:11:57 PM NZST Kevin Krammer wrote:
> > On Wednesday, 2017-09-06, 23:58:24, cr wrote:
> > > I'm running Kmail 5.2.3 and kdewallet under Debian 9.   Can I safely
> > > uninstall kdewallet?   (Kmail is the only program I run that uses it).
> > > 
> > > Reason is, I usually start Kmail on my server via ssh from some laptop
> > > or
> > > other.   If I go to fetch mail from my ISP, Kmail opens a box for my
> > > ISP's
> > > mail password (the same as my previous installation of Kmail 4 did).
> > > However, IF I've previously logged in to my server, kdewallet opens a
> > > box
> > > for its password on the server instead, which is a nuisance (and much
> > > bafflement before I accidentally found this out).
> > 
> > One option would be to authorize access to KWallet through the login
> > procedure itself.
> > 
> > There is a package for the kwallet PAM integration, which unlocks the
> > wallet on login with the credentials provided to the login process.
> > 
> > I've been using that (libpam-kwallet5) since I've switched to Plasma 5.
> > 
> > Requires the wallet to have the same password as for login but very
> > convenient to have it automatically unlocked at the begin of a session.
> > 
> > Cheers,
> > Kevin
> 
> I may have managed to solve it by similar means.
> 
> I reluctantly (in case it did something else horrible) installed Kwallet
> Manager, and set the Kwallet password to blank (the mail password inside
> Kwallet is still correct).   And now  Kmail goes and fetches mail without
> opening a Kwallet password box and without asking for the mail password.
> 
> This is on my server, hopefully it will still work that way next time I ssh
> in.
> 
> (I know it's a 'security hole' but only exactly the same, I think, as having
> kwallet share my login password.   Which it already did anyway, as it
> happened...)

Similar but not the same.

Having an empty password only requires read access to the file, unlocking with 
PAM requires the system to run and the password to be provided through the 
system's login process.

A bit like with hard disc encryption: once the system is unlocked and running 
the processes have access to the data.
If the system is not running or the encyrption has not been unlocked then 
there is no access.

Cheers,
Kevin
-- 
Kevin Krammer, KDE developer, xdg-utils developer
KDE user support, developer mentoring

Attachment: signature.asc
Description: This is a digitally signed message part.