keeping passwords - Debian


  1. keeping passwords

    Hi,

    I was wondering if KDE has the ability to keep passwords for longer than the
    current session / log in. The keep password feature (when running an
    application as a different user) doesn't work as I would have expected it to
    as it only keeps the password for the duration of the login.

    For instance, I use synaptic to update my desktop machine. I would like to
    have the ability to supply the root password just once and have it remembered
    indefinitely. I realize this is a bit of a security problem on machines that
    are used by numerous people but I am the only person that uses, and will ever
    use, my machine.

    Graham


    --
    To UNSUBSCRIBE, email to debian-kde-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  2. Re: keeping passwords

    You should probably use sudo for this and set it up to run some privileged
    commands as a regular user, without passwords.

    ------- Original message -------
    From: Graham Smith
    To: debian-kde@lists.debian.org
    Subject: keeping passwords
    Date: 31 August 2005 12:37
    > Hi,
    >
    > I was wondering if KDE has the ability to keep passwords for longer than
    > the current session / log in. The keep password feature (when running an
    > application as a different user) doesn't work as I would have expected it
    > to as it only keeps the password for the duration of the login.
    >
    > For instance, I use synaptic to update my desktop machine. I would like to
    > have the ability to supply the root password just once and have it
    > remembered indefinitely. I realize this is a bit of a security problem on
    > machines that are used by numerous people but I am the only person that
    > uses, and will ever use, my machine.
    >
    > Graham


  3. Re: keeping passwords

    > Hmmm, that is a serious security issue. I was hoping there would be a password
    > encrypted password cache or something similar.


    KWallet is what you are talking about. It works wonderfully for
    KDE-based applications. Unfortunately, Synaptic is GNOME-based... You
    definitely need to check out kdesu/kdesudo docs however.

    > I'll check out cron-apt. I'm
    > not overly keen on cron based updates though especially at the moment (one
    > false move and the whole of KDE gets removed in unstable).
    >
    > Thanks though,
    >
    > Graham



    --
    Giacomo Lacava

  4. Re: keeping passwords

    Graham Smith wrote:

    > I was wondering if KDE has the ability to keep passwords for longer than
    > the current session / log in. The keep password feature (when running an
    > application as a different user) doesn't work as I would have expected it
    > to as it only keeps the password for the duration of the login.


    It does? It never seemed to work for me, so I stopped using it.

    > For instance, I use synaptic to update my desktop machine. I would like to
    > have the ability to supply the root password just once and have it
    > remembered indefinitely.


    There must be a better way. For sudo, it's better to modify /etc/sudoers
    like mine:

    derek ALL=NOPASSWD: /usr/bin/aptitude, /sbin/ifconfig

    Which lets me use aptitude and ifconfig without ever giving a password.
    However, adding /usr/bin/kpackage to the list, and then invoking it with
    kdesu still prompts.
    --
    derek
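
A defender-side check on the kind of rule quoted in the post above, as an added example that is not part of the thread: it lists every command a sudoers file lets run without a password and flags the broad ones. Only derek's line comes from the thread; the other sample lines, the issue labels and the function names are made up for illustration, and the parser assumes simple one-line user specifications.

```python
import os
import re
import stat

# Constructed sample: the rule quoted in the thread plus two broader variants.
SAMPLE_SUDOERS = """\
derek ALL=NOPASSWD: /usr/bin/aptitude, /sbin/ifconfig
graham ALL=(root) NOPASSWD: ALL
alice ALL=(ALL) NOPASSWD: /usr/local/bin/*, PASSWD: /usr/sbin/synaptic
"""

RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(.+)$")   # user host = command list
RUNAS = re.compile(r"^\([^)]*\)\s*")                 # optional (runas) prefix
TAG = re.compile(r"^([A-Z_]+):\s*")                  # NOPASSWD:, PASSWD:, NOEXEC:, ...
SKIP = re.compile(r"(Defaults|\w+_Alias)\b")         # not user specifications


def nopasswd_commands(text):
    """Yield (user, command) for each command sudo would run without a password."""
    text = re.sub(r"\\\n", " ", text)                # join continuation lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()         # drops comments and #include
        m = RULE.match(line)
        if not m or SKIP.match(line):
            continue
        user, spec = m.group(1), m.group(2)
        nopasswd = False                             # a tag stays set along the list
        for item in re.split(r",(?![^(]*\))", spec): # commas outside (runas) only
            item = RUNAS.sub("", item.strip())
            while (t := TAG.match(item)):
                if t.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = t.group(1) == "NOPASSWD"
                item = item[t.end():]
            if nopasswd and item:
                yield user, item


def audit(text):
    """Return sorted (user, command, issue) findings for NOPASSWD commands."""
    findings = set()
    for user, cmd in nopasswd_commands(text):
        path, _, args = cmd.partition(" ")
        if path == "ALL":
            findings.add((user, cmd, "all-commands"))   # no password for anything
            continue
        if not path.startswith("/"):
            findings.add((user, cmd, "alias"))          # Cmnd_Alias: resolve by hand
            continue
        if any(c in path for c in "*?["):
            findings.add((user, cmd, "wildcard"))       # matches more than one binary
        if not args:
            findings.add((user, cmd, "any-args"))       # rule does not pin arguments
        try:
            st = os.stat(path)
        except OSError:
            continue                                    # not installed here
        if st.st_uid != 0 or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.add((user, cmd, "writable"))       # non-root could replace it
    return sorted(findings)


if __name__ == "__main__":
    for user, cmd, issue in audit(SAMPLE_SUDOERS):
        print(f"{user:8} {cmd:22} {issue}")
```

Syntax checking of the real file still belongs to `visudo -c`; this only reports how wide each passwordless grant is.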



  5. Re: keeping passwords

    > Which lets me use aptitude and ifconfig without ever giving a password.
    > However, adding /usr/bin/kpackage to the list, and then invoking it with
    > kdesu still prompts

    It's probably because in Debian KDE was compiled with shadow support.

    ------- Original message -------
    From: Derek Broughton
    To: debian-kde@lists.debian.org
    Subject: Re: keeping passwords
    Date: 31 2005 14:33
    > Graham Smith wrote:
    > > I was wondering if KDE has the ability to keep passwords for longer than
    > > the current session / log in. The keep password feature (when running an
    > > application as a different user) doesn't work as I would have expected it
    > > to as it only keeps the password for the duration of the login.

    >
    > It does? It never seemed to work for me, so I stopped using it.
    >
    > > For instance, I use synaptic to update my desktop machine. I would like
    > > to have the ability to supply the root password just once and have it
    > > remembered indefinitely.

    >
    > There must be a better way. For sudo, it's better to modify /etc/sudoers
    > like mine:
    >
    > derek ALL=NOPASSWD: /usr/bin/aptitude, /sbin/ifconfig
    >
    > Which lets me use aptitude and ifconfig without ever giving a password.
    > However, adding /usr/bin/kpackage to the list, and then invoking it with
    > kdesu still prompts.
    > --
    > derek


  6. Re: keeping passwords

    Giacomo Lacava wrote:

    >> Hmmm, that is a serious security issue. I was hoping there would be a
    >> password encrypted password cache or something similar.

    >
    > KWallet is what you are talking about. It works wonderfully for
    > KDE-based applications. Unfortunately, Synaptic is GNOME-based... You
    > definitely need to check out kdesu/kdesudo docs however.


    How do you use it with kdesu? kdesu doesn't even have a man page and, on
    Ubuntu at least, /usr/share/doc/kde/HTML/en/kdesu/ has no valid
    documentation!
    --
    derek



  7. Re: keeping passwords

    Graham wrote:

    > I'll check out cron-apt. I'm
    > not overly keen on cron based updates though especially at the moment
    > (one false move and the whole of KDE gets removed in unstable).


    Do what I do - "aptitude update; aptitude -d dist-upgrade".

    Maybe even add "aptitude upgrade" (in between the update and dist-upgrade).
    That way, the hard part is already done, no packages have been removed (or
    added), and the amount of work left to you is minimal. Put it in Cron, and
    cron will email you the results. If you like what you see, and there are
    packages left to install, do the dist-upgrade manually.
    --
    derek



  8. Re: keeping passwords

    Freddie Cash wrote:

    >> Giacomo Lacava wrote:
    >>>> Hmmm, that is a serious security issue. I was hoping there would
    >>>> be a password encrypted password cache or something similar.

    >
    >>> KWallet is what you are talking about. It works wonderfully for
    >>> KDE-based applications. Unfortunately, Synaptic is GNOME-based...
    >>> You definitely need to check out kdesu/kdesudo docs however.

    >
    >> How do you use it with kdesu? kdesu doesn't even have a man page
    >> and, on Ubuntu at least, /usr/share/doc/kde/HTML/en/kdesu/ has no
    >> valid documentation!


    On that subject, it does seem to have a valid docbook - so what do I need to
    read docbooks?
    >
    > kdesu does so have a man page. See attached.


    (a) gmane doesn't appear to pass attachments.
    (b) No it doesn't. KDE may provide one, but it isn't part of the Ubuntu
    package (and so I'm betting Debian, too) which contains kdesu
    (kdebase-bin).

    > There's also gksu (the GTK frontend to su), but it also does not
    > support changing the timeout of the password storage.


    ?? So why even mention it? You can't just install gksu, it comes with
    bonobo and gnomeui and gconf - something like an extra 40MB of stuff - and
    it's never likely to interface to kwallet.
    --
    derek



  9. Re: keeping passwords

    Serja wrote:

    >> Which lets me use aptitude and ifconfig without ever giving a password.
    >> However, adding /usr/bin/kpackage to the list, and then invoking it with
    >> kdesu still prompts


    > It's probably because in Debian KDE was compiled with shadow support.


    Why would that make a difference?

    --
    derek



  10. Re: keeping passwords

    On August 31, 2005 09:05 am, Derek Broughton wrote:
    > Freddie Cash wrote:
    > >> Giacomo Lacava wrote:
    > >>>> Hmmm, that is a serious security issue. I was hoping there would
    > >>>> be a password encrypted password cache or something similar.
    > >>>
    > >>> KWallet is what you are talking about. It works wonderfully for
    > >>> KDE-based applications. Unfortunately, Synaptic is GNOME-based...
    > >>> You definitely need to check out kdesu/kdesudo docs however.
    > >>
    > >> How do you use it with kdesu? kdesu doesn't even have a man page
    > >> and, on Ubuntu at least, /usr/share/doc/kde/HTML/en/kdesu/ has no
    > >> valid documentation!


    > On that subject, it does seem to have a valid docbook - so what do I
    > need to read docbooks?


    > > kdesu does so have a man page. See attached.

    > (a) gmane doesn't appear to pass attachments.


    Hrm, that sucks.

    > (b) No it doesn't. KDE may provide one, but it isn't part of the
    > Ubuntu package (and so I'm betting Debian, too) which contains kdesu
    > (kdebase-bin).


    Yes, it does have a man page. It's installed
    as /usr/share/man/man1/kdesu.1.gz on my Debian 3.1 system running KDE
    3.4.1. If your Ubuntu system doesn't have it, then that's an Ubuntu
    packaging issue, not a kdesu issue. According to apt, the
    kdebase-bin-4.3.1-1 package for Debian includes the
    file /usr/share/man/man1/kdesu.1.gz.

    There's also a KDE help centre file for it, which can be accessed via
    the Help Center, or help:/kdesu in Konqueror.

    Here's the text of the man page, just for you, since you seem to think
    it doesn't exist:

    KDESU(1)          Runs a program with elevated privileges.          KDESU(1)

    NAME
        kdesu - Runs a program with elevated privileges.

    SYNOPSIS
        kdesu [Qt-options] [KDE-options] [kdesu options] command

    DESCRIPTION
        Runs a program with elevated privileges.

        KDE su is a graphical front end to the Unix su utility. It allows you
        to run programs as another user by entering their password. It is not
        a SUID root program, but runs unprivileged. The system program su is
        used for acquiring special privileges.

        kdesu has the ability to store passwords for the convenience of users.
        The passwords are NOT written to disk, but stored in memory using a
        special program, kdesud. This is only done if the user specifies that
        the password be remembered. In this case, passwords are stored in
        memory for a certain period of time before being removed. kdesud runs
        in such a way that only the user who entered the password originally
        can use it, though no one, not even the user who originally entered
        the password, can retrieve the password that is stored by kdesud.
        Through these measures, users can avoid having to repeatedly enter
        root passwords or other passwords, without a significant risk to
        overall system security.

    OPTIONS
        Generic options:

            --help
                Show help about options

            --help-qt
                Show Qt specific options

            --help-kde
                Show KDE specific options

            --help-all
                Show all options

            --author
                Show author information

            -v, --version
                Show version information

            --license
                Show license information

        kdesu Options:

            -c
                Specifies the command to run

            -f
                Run command under target uid if is not writable

            -u
                Specifies the target uid [default is root]

            -n
                Do not keep password

            -s
                Stop the daemon (forgets all passwords)

            -t
                Enable terminal output (no password keeping)

            -p
                Set priority value: 0 <= prio <= 100, 0 is lowest [default is 50]

            -r
                Use realtime scheduling

            --nonewdcop
                Let command use existing dcopserver

            -i
                Specify icon to use in the password dialog

            -d
                Do not show the command to be run in the dialog

        Arguments:

            command
                Specifies the command to run

    SEE ALSO
        Full user documentation is available through the KDE Help Center. You
        can also enter the URL help:/kdesu/ directly into konqueror or you can
        run `khelpcenter help:/kdesu/' from the command-line.

    AUTHORS
        Geert Jansen
        Pietro Iglio

        This manual page was written by Christopher Martin for Debian
        GNU/Linux, but may be used by others. It borrows from an earlier
        manpage by Karolina Lindqvist.

    K Desktop Environment               May 2005                        KDESU(1)


    --
    Freddie Cash, CCNT CCLP Helpdesk / Network Support Tech.
    School District 73 (250) 377-HELP [377-4357]
    fcash-ml@sd73.bc.ca



  11. Re: keeping passwords


    Giacomo Lacava wrote:

    > KWallet is what you are talking about. It works wonderfully for
    > KDE-based applications. Unfortunately, Synaptic is GNOME-based... You
    > definitely need to check out kdesu/kdesudo docs however.


    I've been using KWallet extensively. Ever since I started using it, I've
    never had to worry about my passwords.
    But what I now do worry about is "How secure KWallet really is"?
    Can forged forms from the internet retrieve information from KWallet?
    Is there any design documentation of KWallet?

    rrs
    --
    Ritesh Raj Sarraf
    RESEARCHUT -- http://www.researchut.com
    Gnupg Key ID: 04F130BC
    "Stealing logic from one person is plagiarism, stealing from many is
    research."
    "Necessity is the mother of invention."

  12. Re: keeping passwords

    Hello,

    On Wednesday 31 August 2005 12:05 pm, Derek Broughton wrote:
    > > There's also gksu (the GTK frontend to su), but it also does not
    > > support changing the timeout of the password storage.

    >
    > ?? So why even mention it? You can't just install gksu, it comes with
    > bonobo and gnomeui and gconf - something like an extra 40MB of stuff - and
    > it's never likely to interface to kwallet.


    It's worth mentioning because the gksu package contains both a gksu *and* a
    gksudo executable, the latter allowing one to gain elevated privileges via
    sudo rather than su. Using sudo is better because it allows for much
    finer-grained control of who can run what as root (or other users), and does
    not require anyone to know the root password.

    Cheers,
    nate

    --
    Nathaniel W. Turner
    http://houseofnate.net/

  13. Re: keeping passwords

    Freddie Cash wrote:

    > On August 31, 2005 09:05 am, Derek Broughton wrote:
    >> Freddie Cash wrote:


    >> > kdesu does so have a man page. See attached.

    >> (a) gmane doesn't appear to pass attachments.

    >
    > Hrm, that sucks.
    >
    >> (b) No it doesn't. KDE may provide one, but it isn't part of the
    >> Ubuntu package (and so I'm betting Debian, too) which contains kdesu
    >> (kdebase-bin).

    >
    > Yes, it does have a man page. It's installed
    > as /usr/share/man/man1/kdesu.1.gz on my Debian 3.1 system running KDE
    > 3.4.1. If your Ubuntu system doesn't have it, then that's an Ubuntu
    > packaging issue, not a kdesu issue.


    Well, that's a first, but it's no doubt related to the fact that Ubuntu's
    kdesu is based on sudo not su. Which makes my whole suggestion moot :-(

    > There's also a KDE help centre file for it, which can be accessed via
    > the Help Center, or help:/kdesu in Konqueror.


    That was the only remotely useful thing in the man page - which I think
    answers my question about how to read a .docbook file :-) - unfortunately,
    the Ubuntu guys haven't bothered to update that either, so it isn't useful.

    Thanks anyway.
    --
    derek



  14. kdesu manpage

    On Thursday, 1 September 2005 02.22, Derek Broughton wrote:
    ....
    > > Yes, it does have a man page. It's installed
    > > as /usr/share/man/man1/kdesu.1.gz on my Debian 3.1 system running KDE
    > > 3.4.1. If your Ubuntu system doesn't have it, then that's an Ubuntu
    > > packaging issue, not a kdesu issue.


    That's funny, I don't have it either in Debian Testing, even though kdesu is
    installed. I do have a man page for kdesu-stub which only has one line:
    kdesu_stub fixme.

    Theo Schmidt



  15. Re: keeping passwords

    Nathaniel W. Turner wrote:

    > Hello,
    >
    > On Wednesday 31 August 2005 12:05 pm, Derek Broughton wrote:
    >> > There's also gksu (the GTK frontend to su), but it also does not
    >> > support changing the timeout of the password storage.

    >>
    >> ?? So why even mention it? You can't just install gksu, it comes with
    >> bonobo and gnomeui and gconf - something like an extra 40MB of stuff -
    >> and it's never likely to interface to kwallet.

    >
    > It's worth mentioning because the gksu package contains both a gksu *and*
    > a gksudo executable, the latter allowing one to gain elevated privileges
    > via sudo rather than su. Using sudo is better because it allows for much
    > finer-grained control of who can run what as root (or other users), and
    > does not require anyone to know the root password.


    Or Debian could buy into Ubuntu's philosophy, and base kdesu on sudo :-)
    But Ubuntu's kdesu still doesn't allow a trusted application (ie,
    in /etc/sudoers) to be run without a password. I'll have to follow that up
    with the Ubuntu folk.
    --
    derek



  16. Re: kdesu manpage

    Theo Schmidt wrote:

    > On Thursday, 1 September 2005 02.22, Derek Broughton wrote:
    > ...
    >> > Yes, it does have a man page. It's installed
    >> > as /usr/share/man/man1/kdesu.1.gz on my Debian 3.1 system running KDE
    >> > 3.4.1. If your Ubuntu system doesn't have it, then that's an Ubuntu
    >> > packaging issue, not a kdesu issue.

    >
    > That's funny, I don't have it either in Debian Testing, even though kdesu
    > is installed. I do have a man page for kdesu-stub which only has one line:
    > kdesu_stub fixme.
    >

    And interestingly, reportbug says that the Ubuntu maintainers are
    Debian-QT/KDE, so I can't even properly report the bugs.
    --
    derek



  17. Re: keeping passwords

    On Wednesday 31 August 2005 21:13, Ritesh Raj Sarraf wrote:
    > Giacomo Lacava wrote:
    > > KWallet is what you are talking about. It works wonderfully for
    > > KDE-based applications. Unfortunately, Synaptic is GNOME-based... You
    > > definitely need to check out kdesu/kdesudo docs however.

    >
    > I've been using KWallet extensively. Ever since I started using it, I've
    > never had to worry about my passwords.
    > But what I now do worry about is "How secure KWallet really is"?


    It quite likely has high security.
    The maintainer is George Staikos and he virtually had to be forced to
    implement passwordless wallets because he considered it an abomination.

    > Can forged forms from the internet retrieve information from KWallet?


    Forms can't access the wallet.

    > Is there any design documentation of KWallet?


    Maybe in the SVN directory of KWallet

    Cheers,
    Kevin
