How do I get rid of excessive password prompts, with the least amount of lost security?

dec05eba, 7 months ago (edited 7 months ago)

To remove the password prompt from gpu screen recorder you have to install it from source or from aur: git.dec05eba.com/gpu-screen-recorder/about/. Right now there is no good way to do that with the flatpak (adding exception for it in polkit wont work that nicely because of how it works).

meekah, 7 months ago

thanks for the tip! I haven’t gotten around to playing with polkit yet but I’ll try to see if I can make that work. I don’t think I’ve ever installed anything from the aur. probably a good time to try it out ^^

interceder270, 7 months ago

Here you go: wiki.archlinux.org/title/Polkit#Bypass_password_p…

I do this on every new install.

meekah, 7 months ago

that seems to be exactly what im looking for. thanks

interceder270, 7 months ago

Np :)

Pantherina, 7 months ago

Comments until now where not really helpful.

I had a similar problem, but its not clear what password prompts you are using, as I dont use these software.

But I guess they have different causes.

You have saved Wifi networks and all just working and will not have borked your Kwallet. But for completion, for auto-unlock kwallet needs to

• use blowfish
• use an empty or your login password
• the wallet needs to be set as default in the systemsettings page (really confusing as the rest is done in the apps window)

But discord may use Gnome keyring, and I think there is no integration to autounlock that on KDE which sucks, as Spotube (I think) and some other apps use it too. You may want to disable keystore if that doesnt log you out.

---

The other thing with gpu-screen-recorder will probably be a polkit prompt because the app wants access to… you know GPU stuff.

I made a script to fix these prompts by automatically allowing certain polkit actions for users in the wheel group when logged in and not over ssh. Thats basic polkit config. You can add more for things like updating the system, opening kde-partitionmanager, opening virt-manager (this is fixed by adding the user to the libvirt group), mounting and unlocking LUKS drives.

github.com/trytomakeyouprivate/polkit-helper

You get the name of the process (hopefully not just “sudo do that” by clicking on “details” in the KDE polkit prompt

---

So yeah so much without any actual description of the problem or just screenshots of the dialogs and a list of the apps.

For easy debug info targeted towards KDE bugs, i created sysinfo, similar to KDEs kinfo but better and with the option to append app names, package manager query etc.

github.com/trytomakeyouprivate/KDE-sysinfo-CLI

meekah, 7 months ago

that polkit helper looks really cool, thank you!

ctr1, 7 months ago

Personally, I’ve relied on an OnlyKey for a few years (with backups and an extra fallback device) and haven’t needed to type passwords since. This doesn’t help with the number of prompts, but it does make them easier to dismiss.

I do use autologin, but I don’t use a system wallet (only KeePassXC, which I do need to unlock manually). Autologin with system wallets can be tricky, but I’ve had some luck setting it up in the past. You might want to check out this wiki for PAM configuration.

meekah, 7 months ago

hmm, interesting idea for sure. I think I would just leave it plugged in 24/7 though so I think I’ll skip this one for now.

ctr1, 7 months ago

Yeah for me it’s been great and I do essentially leave it plugged in the whole time I’m using my PC (attached to my keys). It does require a pin entered each boot, so leaving it in would still offer security. But as someone else mentioned getting kwallet PAM working would make things easier in any case

UnRelatedBurner, 7 months ago

may I ask how do you unlock it manually? Like what do you have to type in, specifically? /s

MyNameIsRichard, 7 months ago

---

infinitevalence, 7 months ago

That’s so cool! I did not know that Lemmy would automatically put in stars when you type a password!

****************

Damn that’s cool!

4am, 7 months ago

hunter2

4am, 7 months ago

Hey wait why does it still show for me

infinitevalence, 7 months ago

*******

Just shows stars on my screen.

ctr1, 7 months ago

Lol. I press a button on the device (which I unlocked with a pin before boot), but it would be nice to have the DB unlock automatically

squarm, 7 months ago

Idk about the gpu screen recorder but for the keychain for Discord if you disable the KDE wallet subsystem (which is just in the kde system settings) it should stop asking. it’s never caused me an issue and made the discord popup go away. its a dirty solution but its what worked for me.

meekah, 7 months ago (edited 7 months ago)

I’ll disable it and see what happens next reboot. Earlier I tried some flag when launching discord that was supposed to make the prompt go away but that didn’t work. Thanks for that tip.

edit: awesome! this worked. now I just need to figure out flatpak and the screen recorder :D

Botzo, 7 months ago

To hazard a guess, this is a gnome keyring asking to be unlocked after login?

Caveat: it has been a few years since I was on gnome.

You can tie it to the login with the gnome keying PAM module.

meekah, 7 months ago

I’m not sure what keyring exactly, but I would be suprised if it was the gnome keyring because I am using KDE

Botzo, 7 months ago

Bah, I read Nobara and assumed gnome. You said KDE right there.

Well, good news: Kwallet has a similar feature, albeit through an extra package: wiki.archlinux.org/title/KDE_Wallet#Unlock_KDE_Wa…

Ozzy, 7 months ago

I really want to know this too, I’ve been looking for a fix for this but no luck. Waiting to hear replies

meekah, 7 months ago

in case you’re wondering about discord specifically, turning off the KDE wallet subsystem in the system settings worked for me, since I didn’t use it anyways.

TonyToniToneOfficial, 7 months ago

Subbed because I’d like to know, too