[prev in list] [next in list] [prev in thread] [next in thread]
List: kmail-devel
Subject: [Bug 95615] KWallet Request when quitting Kmail
From: Thayer Williams <thayerw () gmail ! com>
Date: 2007-05-28 6:04:23
Message-ID: 20070528060423.26159.qmail () ktown ! kde ! org
[Download RAW message or body]
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
http://bugs.kde.org/show_bug.cgi?id=95615
------- Additional Comments From thayerw gmail com 2007-05-28 08:04 -------
Because this is still present in KDE 3.5.7, I would like to make a couple suggestions. As far \
as I can tell, there are currently five possible ways to use KMail:
1) No KWallet, no KMail password storage
This scenario forces the user to enter a password for each account every time they open KMail. \
Not exactly user-friendly, especially if they have 3-5 email accounts (as I do).
2) KMail password storage, KWallet disabled
In this scenario, the user stores the passwords locally within KMail itself. However, the user \
must disable the entire KWallet system in order for this to work without constant nag screens. \
Again, not very user-friendly, since KWallet has a lot more to offer than simply storing email \
account passwords.
3) KMail passwords stored in KWallet with a master password
The KMail account passwords are stored within KWallet, forcing the user to enter the master \
Kwallet password each time they open KMail, assuming the wallet was not already opened. Again, \
not very user-friendly.
4) KMail passwords stored in KWallet with no master password
Sadly, this seems to be the advice of many forum posts. In this scenario, not only are the \
KMail passwords completely vulnerable, but so are all the other passwords stored in the wallet.
5) Avoid using KMail entirely until this 2 year old bug is finally addressed
I am afraid that many who encounter the above annoyances will likely choose this option. \
Having been a Thunderbird user for almost 3 years, I decided to migrate to KMail (Kontact \
actually) because of the excellent calendar integration. However, I am finding this constant \
prompting of passwords too much.
I propose any one of the following solutions:
1) Make it possible for KMail to store passwords locally with and without KWallet system \
integration enabled.
2) Make it possible for KMail to reference a separate wallet that may be set with a blank \
password. Although the KMail passwords would be insecure, the rest of the KWallet system \
integration would remain in tact.
3) Make an option for Kwallet to integrate into the user's logon password. This way, the \
default wallet is authenticated automatically when a user logs into the KDE environment. Say \
for example, if someone created a wallet with the same password as their logon credentials, KDE \
could pass that information onto KWallet. This solution is perfect for folks who use KWallet \
for lesser items, such as wireless network passwords and email passwords. It provides a \
transparent encryption as long as the user is logged in. Then, for items requiring further \
security, the user can create a separate wallet with a stronger password or better yet, use a \
standalone program like PwManager.
This of course is all just speculation. I'm no programmer so I have no idea how feasible it \
would be to implement any of these, but that's the way I see it.
KMail is a great email client and I want to stick with it, but if I can't find a sensible \
workaround for such a simple feature, I'll have to leave it behind. \
_______________________________________________ KMail developers mailing list
KMail-devel@kde.org
https://mail.kde.org/mailman/listinfo/kmail-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic