[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kmail-devel
Subject:    [Bug 95615] KWallet Request when quitting Kmail
From:       Thayer Williams <thayerw () gmail ! com>
Date:       2007-05-28 6:04:23
Message-ID: 20070528060423.26159.qmail () ktown ! kde ! org
[Download RAW message or body]

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
         
http://bugs.kde.org/show_bug.cgi?id=95615         




------- Additional Comments From thayerw gmail com  2007-05-28 08:04 -------
Because this is still present in KDE 3.5.7, I would like to make a couple \
suggestions. As far as I can tell, there are currently five possible ways to use \
KMail:

1) No KWallet, no KMail password storage
This scenario forces the user to enter a password for each account every time they \
open KMail.  Not exactly user-friendly, especially if they have 3-5 email accounts \
(as I do).

2) KMail password storage, KWallet disabled
In this scenario, the user stores the passwords locally within KMail itself.  \
However, the user must disable the entire KWallet system in order for this to work \
without constant nag screens. Again, not very user-friendly, since KWallet has a lot \
more to offer than simply storing email account passwords.

3) KMail passwords stored in KWallet with a master password
The KMail account passwords are stored within KWallet, forcing the user to enter the \
master Kwallet password each time they open KMail, assuming the wallet was not \
already opened.  Again, not very user-friendly. 

4) KMail passwords stored in KWallet with no master password
Sadly, this seems to be the advice of many forum posts.  In this scenario, not only \
are the KMail passwords completely vulnerable, but so are all the other passwords \
stored in the wallet.

5) Avoid using KMail entirely until this 2 year old bug is finally addressed
I am afraid that many who encounter the above annoyances will likely choose this \
option.  Having been a Thunderbird user for almost 3 years, I decided to migrate to \
KMail (Kontact actually) because of the excellent calendar integration.  However, I \
am finding this constant prompting of passwords too much.

I propose any one of the following solutions:

1) Make it possible for KMail to store passwords locally with and without KWallet \
system integration enabled.

2) Make it possible for KMail to reference a separate wallet that may be set with a \
blank password.  Although the KMail passwords would be insecure, the rest of the \
KWallet system integration would remain in tact.

3) Make an option for Kwallet to integrate into the user's logon password.  This way, \
the default wallet is authenticated automatically when a user logs into the KDE \
environment.  Say for example, if someone created a wallet with the same password as \
their logon credentials, KDE could pass that information onto KWallet.  This solution \
is perfect for folks who use KWallet for lesser items, such as wireless network \
passwords and email passwords.  It provides a transparent encryption as long as the \
user is logged in.  Then, for items requiring further security, the user can create a \
separate wallet with a stronger password or better yet, use a standalone program like \
PwManager.

This of course is all just speculation.  I'm no programmer so I have no idea how \
feasible it would be to implement any of these, but that's the way I see it.

KMail is a great email client and I want to stick with it, but if I can't find a \
sensible workaround for such a simple feature, I'll have to leave it behind. \
_______________________________________________ KMail developers mailing list
KMail-devel@kde.org
https://mail.kde.org/mailman/listinfo/kmail-devel


[prev in list] [next in list] [prev in thread] [next in thread]