Announcement

Collapse
No announcement yet.

Kwallet confusion

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    [Utilities] Kwallet confusion

    I'm a new Kubuntu (19.10) user. Kwallet is new to me (I've been using MX Linux 18.3 for 9 months, and Lubuntu for 3-4 years prior). A couple of things:

    1. I use keepassx. Therefore, kwallet is redundant. Are there other reasons to use it? Is it better than keepassx in some way?

    My initial impression is that it's in the way.

    2. I am NFS mounting a directory shared on another computer. (It all works great.). When I put the fstab entry in to mount it at bootup, it fails. I'm assuming this is because the wifi connection isn't established until the desktop appears and kwallet asks me for the password, so it can let the network start.

    Does that sound like what's happening?

    I'm thinking I'd like to get rid of kwallet. But, if it serves a useful purpose, I thought I should start a conversation about this.

    Thanks!

    #2
    The first time you opened kwallet if you ignored the password and left the password blank you would never see it again. That's what I do and I have no use for kwallet.

    Comment


      #3
      @golf4fun, thank you so much for your answer. The thought of using an empty password crossed my mind 4-5 days ago. I should have come back and said something about that.

      I have been ISO testing 20.04's daily images, and thinking about reporting this topic as a bug. Now that I see that you've considered this topic as well, I'd like to give my thoughts here before I escalate a bug report. Maybe I'm not thinking the right way. I bold my conclusions to make it easier to navigate:

      1. I've noticed kwallet can be disabled from Sys. Settings->Acct. Details. But, when I do that, I'm prompted for the wifi password each time I boot. I.e., the system doesn't go back to storing the wifi password like other distros do.

      2. I've noticed (as you have) that an empty kwallet password effectively nullifies the annoying (to me) kwallet prompt before logging in -- which seems to interfere with fstab startup mounting of an NFS share.)
      - I assume fstab works now with the empty kwallet password (no reason to wait for the desktop and user interaction.). I need to test that.

      3. If I use the empty kwallet password (which seems like a kludge. What purpose does it serve without the password?) Kwallet continues to be used by Chrome for all my website credentials (now without password protection!).

      4. I've noticed Account Details->KDE Wallet has an "Application Control" tab, with nothing listed in it. There's no "Add" button. I thought this is where it needed some Chrome policy to tell it to stop using kwallet. I assumed clicking "Launch Wallet Manager" is what populates that.
      4.1. When I launch "Wallet Manager," I see a hierarchy which I can drill into & see the Chrome & wifi keys. I can delete things (which I'm afraid to try). I can disconnect things (still afraid). I don't see any way to create a policy (for the "Access Control" page from whence I launched the manager.).

      To me, this is very confusing (to even a fairly experienced Linux user). If this had been the norm for password management the past 12 years, maybe it would make sense. But, it's like you need to read a book to figure out how to use Kwallet.

      It's not optional either. If it asked whether you wanted to use it, that would be reasonable. If someone elected to install it, they could know the way out (reinstall, don't check that box again).

      The way it's an inescapable reality, the choices aren't very good. Turning it off (in Account Details) seems like a reasonable option. (IMO, a person has to buy into Kwallet more than they should have to; and know where to look to turn it off. But, still. I could accept that turning it off is a reasonable solution.). But, then the wifi password is never saved the way everyone would intuitively expect. You're prompted for it every time you boot.

      This leaves the unintuitive empty-password solution. It took me a month to think of that (and some weeks to get that suggestion on this forum). That doesn't seem reasonable. If it asked "secure wallet with password?" then a person would know that's an option. But, they're still using Kwallet when their apparent goal is to not use it. If there's no password, what's the point? My Chrome is still attached, saving credentials into a Kwallet without a password. That can't be advisable.

      I just want network connectivity without waiting for Kwallet to ask me for a password. I might like my Chrome credentials kept in a nicely integrated/transportable file like Kwallet offers (I use Keepassx which isn't integrated.). But, having no password gives me the heebie jeebies.

      Nothing about this seems right. It seems intrusive and uninformative. It could be a good idea, but the presentation isn't right.

      I really like KDE. It's exceptionally polished compared to it's relatively-low resource use. The only thing that makes me hesitant to recommend it to others is Kwallet. I'd have always have to say "but, [long, topsy-turvy topic]." I think most people would say "no thanks" before I got 3-4 sentences into that conversation.

      Am I wrong about this? Is this just a mere enhancement request (which can be rationalized as "just a different opinion")? Or, would this be considered a bug (for more visibility)?

      I'd like to hear your (and others') thoughts. I can't see how I'm wrong about this. This doesn't seem like how anyone would expect anything to work (or a new user to find intuitive). I hope I'm not criticizing. I've been thinking about this for a couple weeks. It's not a rash opinion.
      Last edited by az2020; Mar 23, 2020, 04:04 PM.

      Comment


        #4
        A messy mishmash of post quotes follows:

        Originally posted by az2020 View Post
        I'm a new Kubuntu (19.10) user. Kwallet is new to me (I've been using MX Linux 18.3 for 9 months, and Lubuntu for 3-4 years prior). A couple of things:

        1. I use keepassx. Therefore, kwallet is redundant. Are there other reasons to use it? Is it better than keepassx in some way?
        It is integrated into the desktop natively, and in the case of Plasma, it automatically unlocks when you log in (for the user account created during install). Gnome's keyring system works in a similar fashion on other desktops/distros.

        My initial impression is that it's in the way.[
        Then disable it, as you have found in the settings.

        I've noticed kwallet can be disabled from Sys. Settings->Acct. Details. But, when I do that, I'm prompted for the wifi password each time I boot. I.e., the system doesn't go back to storing it seamlessly like other distros do.
        As to wifi passwords, you can go to the settings for that, and set it to save the password either as plain text (for all users) or encrypted, but I think that as it was originally tied to the wallet, you may need to remove that connection, then recreate it (double check the connection settings) after you have disabled the kwallet system for it to save the password on its own.

        I've noticed (as you have) that an empty kwallet password effectively nullifies the annoying (to me) kwallet prompt before logging in -- which seems to interfere with fstab startup mounting of an NFS share.)
        - I assume fstab works now with the empty kwallet password (no reason to wait for the desktop and user interaction.). I need to test that.
        Kwallet has zero to do with fstab and mounts, it has no power on things taking place before you log in to the desktop.

        2. I am NFS mounting a directory shared on another computer. (It all works great.). When I put the fstab entry in to mount it at bootup, it fails. I'm assuming this is because the wifi connection isn't established until the desktop appears and kwallet asks me for the password, so it can let the network start.
        yes, you will need to edit the mount settings to allow for that, adding the _netdev option to the fstab to hold off mounting until the network is up, or possibly edit the wifi connection settings and check the 'all users may connect to this network' option, which iirc connects to wifi before the user logs in. This still may require the _netdev option if the mount operations take place before networking is started.


        I'm thinking I'd like to get rid of kwallet. But, if it serves a useful purpose, I thought I should start a conversation about this.

        Thanks!
        It does serve a useful purpose, but you can definitely disable it if you wish. It usually works very well, I have not had to muck around with it for an extremely long time myself, though it seems to be a pain when it does get messed up. I have not had, wanted, or needed to use the wallet manager for anything in at least a decade, I am guessing. It is for me something that was automatically configured during install, and I never have to touch.

        Comment


          #5
          Thank you for your reply. Ironically, I just discovered that "Try it" & "Install now" create two different installations. I have reported it as bug 1868646 . I would encourage you guys to see if you can recreate it, and mark that bug "affects me" so it gets some traction. (I don't know if it's too late in the release process to fix it.).

          Essentially, what I described as a stumbling block occurs only when installing from the Live desktop (after choosing "Try it"). When I (for reasons I still don't know why I did this) chose "Install now," it works the way I was advocating for. (Wifi automatically connects on reboot after install. I don't have to click it to connect. Which means Kwallet doesn't pop up demanding that I create a password for it to save the wifi password. "Demanding" is a perfect word because there is no suggestion that a null password is valid. It took a month for me to learn that.).

          Anyway, I am extremely happy that I saw this difference (in installation results) because we could have spent weeks talking past each other (me seeing one thing; you probably seeing the result of "Install now.").

          Also, I believe you're right about my NFS problem. I need to spend more time figuring out how to get NFS mounts to happen at boot. I stopped pursuing this when I ran into the Kwallet prompt before it would connect to wifi. I figured NFS wouldn't wait until I interacted with the desktop. Plus, I asked about this on both this forum and KDE.org. There were no immediate suggestions, so I assumed it was supposed to work that way. (If I had installed using the "Install now" option, I would have never assumed NFS was failing due to the unavailability of the network until long after the desktop is ready. So, it's all been very confusing, and I've been brewing on it for a month too!).

          I'm going to work on getting my nfs mount to work. I didn't think _netdev was necessary. I've read that systemd has code to recognize filetypes that require _netdev, performing that processing without being told to. But, I need to play with it and see. (I can command-line mount. So, whatever problem I'm having is with fstab mounting specifically. I can live with it not mounting at boot. That's much less frustrating than the Kwallet experience I was having via "Try it" and installing from desktop. I hope that's the bug, and not the way "Install now" works.).
          Last edited by az2020; Mar 23, 2020, 09:13 PM.

          Comment


            #6
            I also have always being confused with kwallet prompt. Whenever I tried to install any distro with kde, kwallet appears and confuses me. It is also the reason why I chose Kubuntu because it was the only KDE distro that did not had that prompt. I don't know how the do it, or why other distros have the prompt?
            If the new Kubuntu versions will include it as other distros do, I don't know how to handle it because I have not found an article or tutorial explaining what the heck is it, whats its purpose, or why any other DE does not have anything similar when installing them?

            Comment

            Working...
            X