[Kde-pim] Re: Failure of migration of IMAP accounts with disabled KWallet

Ingo Klöcker kloecker at kde.org
Sun Feb 27 10:38:06 GMT 2011


On Wednesday, December 01, 2010, Alexander Gretencord wrote:
> On Tuesday 30 November 2010, Guy Maurel wrote:
> > > according to recent tests the migration of IMAP accounts fails
> > > completely (it hangs indefinitely) if the user has disabled
> > > KWallet.
> 
> Big issue for me. I don't use KWallet. I actually type my passwords
> every time, so naturally I disable KWallet, so I don't get prompted
> for KWallet access all the time.
> 
> > - I can't migrate IMAP nor
> > - I can't begin as new an IMAP account
> > without using KWallet.
> > Why not?
> 
> Good question! I think the KMail team should rethink this.

We are aware of this problem. As far as we are concerned, fixing the 
migration and making KWallet optional are the only two remaining 
blockers for finally releasing KMail2 to the wider public. In fact, we 
are working on this as we speak.
  http://community.kde.org/KDE_PIM/Meetings/Osnabrueck_9


> Actually, from a design standpoint, to me this has the implication
> that KMail should only store my IMAP password until it is logged in
> and then forget it (and maybe use IMAP IDLE - if the server supports
> it - to keep me connected). Is KMail using secure memory
> functionality (like e.g. GPG) for cases where the password has to be
> stored in memory for longer periods of time (e.g. if no IDLE support
> is implemented, or just in general)?

No. Why? Because it's a hard problem (way harder than for gpg because 
gpg does not need to transfer the password to a server).


> Do you (or does anybody) have any idea if something like that is/will
> be implemented in KMail? Quickly searching bugs.kde.org on this
> doesn't show anything, but I might have missed something, as the
> list of bugs containing my search terms was quite large :)

It shouldn't be implemented in KMail because password handling is a 
system-wide problem. I think KWallet may be the solution for this 
(regardless of whether the passwords are stored on disk or just in 
memory). Similar to how gpg-agent does all password handling for gpg, 
password handling in KDE (and beyond) would be done exclusively by 
KWallet.


Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-pim/attachments/20110227/89bd355f/attachment.sig>
-------------- next part --------------
_______________________________________________
KDE PIM mailing list kde-pim at kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/


More information about the kde-pim mailing list