
List:       kmail-devel
Subject:    [Bug 95615] KWallet Request when quitting Kmail
From:       Thayer Williams <thayerw () gmail ! com>
Date:       2007-05-28 6:04:23
Message-ID: 20070528060423.26159.qmail () ktown ! kde ! org

http://bugs.kde.org/show_bug.cgi?id=95615         




------- Additional Comments From thayerw gmail com  2007-05-28 08:04 -------
Because this is still present in KDE 3.5.7, I would like to make a
couple suggestions. As far as I can tell, there are currently five possible
ways to use KMail:

1) No KWallet, no KMail password storage
This scenario forces the user to enter a password for each account every
time they open KMail.  Not exactly user-friendly, especially if they have
3-5 email accounts (as I do).

2) KMail password storage, KWallet disabled
In this scenario, the user stores the passwords locally within KMail
itself.  However, the user must disable the entire KWallet system in order
for this to work without constant nag screens. Again, not very
user-friendly, since KWallet has a lot more to offer than simply storing
email account passwords.

3) KMail passwords stored in KWallet with a master password
The KMail account passwords are stored within KWallet, forcing the user to
enter the master KWallet password each time they open KMail, assuming the
wallet was not already opened.  Again, not very user-friendly.

4) KMail passwords stored in KWallet with no master password
Sadly, this seems to be the advice of many forum posts.  In this scenario,
not only are the KMail passwords completely vulnerable, but so are all the
other passwords stored in the wallet.

5) Avoid using KMail entirely until this 2-year-old bug is finally addressed
I am afraid that many who encounter the above annoyances will
likely choose this option.  Having been a Thunderbird user for almost 3
years, I decided to migrate to KMail (Kontact actually) because of the
excellent calendar integration.  However, I am finding this constant
prompting of passwords too much.

I propose any one of the following solutions:

1) Make it possible for KMail to store passwords locally with and without
KWallet system integration enabled.

2) Make it possible for KMail to reference a separate wallet that may be
set with a blank password.  Although the KMail passwords would be insecure,
the rest of the KWallet system integration would remain intact.

3) Make an option for KWallet to integrate into the user's logon password.
This way, the default wallet is authenticated automatically when a user
logs into the KDE environment.  Say for example, if someone created a
wallet with the same password as their logon credentials, KDE could pass
that information onto KWallet.  This solution is perfect for folks who use
KWallet for lesser items, such as wireless network passwords and email
passwords.  It provides a transparent encryption as long as the user is
logged in.  Then, for items requiring further security, the user can create
a separate wallet with a stronger password or better yet, use a standalone
program like PwManager.

This of course is all just speculation.  I'm no programmer so I have no
idea how feasible it would be to implement any of these, but that's the way
I see it.

KMail is a great email client and I want to stick with it, but if I can't
find a sensible workaround for such a simple feature, I'll have to leave it
behind.
_______________________________________________
KMail developers mailing list
KMail-devel@kde.org
https://mail.kde.org/mailman/listinfo/kmail-devel

