KWallet: Difference between revisions
No edit summary |
|||
Zeile 15: | Zeile 15: | ||
# vi /etc/pam.d/sddm | # vi /etc/pam.d/sddm | ||
Hinzufügen / anpassen: | |||
auth optional pam_kwallet5.so | auth optional pam_kwallet5.so | ||
session optional pam_kwallet5.so auto_start | session optional pam_kwallet5.so auto_start | ||
'''Benutzerpasswort und KWallet-Passwort MÜSSEN sein''' | |||
== KeePassXC == | == KeePassXC == |
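Review bot: The added line '''Benutzerpasswort und KWallet-Passwort MÜSSEN sein''' stops after "sein" without a predicate, so the reader cannot tell what relation between the two passwords is required; finish the sentence with the actual requirement. The new label "Hinzufügen / anpassen:" also leaves open which of the two pam_kwallet5.so lines is expected to exist in /etc/pam.d/sddm already and which has to be added, and a short remark on that would make the step reproducible.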
Revision as of 24 October 2020, 17:52
Linux:Sicherheit:SingleLogin
Goal
- This article describes the integration of KWallet into SDDM (Simple Desktop Display Manager), the default display manager of the Plasma 5 desktop.
- The KDE Wallet Manager is a password manager that lets you centrally store and manage credentials and passwords under Plasma 5 for all programs that interact with KWallet (Network Manager, KMail, etc.).
Prerequisites
Procedure
Installation
- KWallet is already installed as part of a standard installation.
Configuration
# vi /etc/pam.d/sddm
Add / adjust:
auth optional pam_kwallet5.so
session optional pam_kwallet5.so auto_start
User password and KWallet password MUST be
KeePassXC
Opening KeePass securely and automatically in KDE
- So I use KeePass a lot as my password manager.
- Why you should use a password manager is a little beyond this post, but it’s a great way to securely store individual passwords for every use you have, so you can use more secure passwords that you’ll never remember, and when one password is compromised, the other accounts you have remain secure.
- KeePass works well in Ubuntu Linux using the Mono library, and it also works with Android and Windows, which I need.
- There is a KeePassX project for a native port, but the normal version works well enough for me.
- So when I logged into KDE4 I would have to type in my Kwallet password (kwallet is the password manager built into KDE – if anyone builds a plugin to read Keepass files, I will send you money) so I could connect to the WIFI, then I would have to type in the master password for KeePass, and then occasionally KOrganizer will ask for my gmail password to sync the calendar.
- This sucks, so I wrote a quick little script to store my KeePass master password in Kwallet, and when KDE starts, retrieve it and start KeePass automatically from the file in my Dropbox folder.
#!/bin/bash
# Start KeePass with a password from KWallet
walletkey=$(/usr/bin/kwalletcli -f Passwords \
    -e KeePass)
# Open KeePass
mono /opt/KeePass2/KeePass.exe --lock &
# Give KeePass enough time to actually open, otherwise results are inconsistent
sleep 3
# Tell KeePass to open your password database
# (the master password is passed as a command-line argument here)
mono /opt/KeePass2/KeePass.exe \
    "/home/user/Dropbox/keepass/passwords.kdbx" \
    "-pw:$walletkey"
- Then save this script somewhere (I put it in /usr/local/bin/) and then go into Settings -> startup/shutdown and tag it as a script to start when you log into KDE.
- So now I just log in, type in my Kwallet password, and KeePass opens as well.
EDIT – 2015-04-06
- Thanks to everyone who commented below with their ideas on improving this script.
- As mentioned, there’s a security issue with this script, which can be reduced by not using the password directly on the command line.
- There are two methods below, YMMV, but I ended up with this hybrid:
#!/bin/bash
# Start KeePass with a password from KWallet
walletkey=$(/usr/bin/kwalletcli -f Passwords -e KeePass)
dbpath="/home/user/Dropbox/keepass/passwords.kdbx"
# Pass the master password on stdin instead of as an argument
echo "$walletkey" | mono /opt/KeePass2/KeePass.exe "$dbpath" --pw-stdin
- This works really well, and the password is only available briefly, really reducing the ease at which it can be sniffed.
- Still not 100%, but security is always a tradeoff between ease of use and effectiveness. Thanks for everyone’s help!
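The difference between the two scripts above, as an added example that is not part of the original post or of this wiki page: it starts a stand-in child process once with a secret as an argument and once with the secret on stdin, then checks whether the secret can be read from the child's command line. The secret, the function names and the stand-in child (a short-lived `sh` instead of KeePass) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: is a secret visible in a process's command line?
# SECRET, the function names and the stand-in child are constructed.
SECRET='constructed-demo-secret'

# Print a PID's command line as local users can read it by default.
cmdline_of() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -o args= -p "$1"
    fi
}

# Succeed if SECRET appears in the command line of PID $1.
# Uses a shell builtin so the check itself puts nothing in an argv.
secret_in_argv() {
    case "$(cmdline_of "$1")" in
        *"$SECRET"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report "exposed" or "hidden" for PID $1, then stop the stand-in child.
report_and_stop() {
    sleep 1    # give the child time to exec before inspecting it
    if secret_in_argv "$1"; then echo exposed; else echo hidden; fi
    kill "$1" 2>/dev/null || true
    wait "$1" 2>/dev/null || true
}

# Variant 1: secret passed as an argument, like -pw:$walletkey.
run_with_argv() {
    sh -c 'sleep 3; :' child "-pw:$SECRET" >/dev/null 2>&1 &
    report_and_stop "$!"
}

# Variant 2: secret piped on stdin, like --pw-stdin.
# printf is a shell builtin, so the secret never enters any argv.
run_with_stdin() {
    printf '%s\n' "$SECRET" |
        sh -c 'read -r pw; sleep 3; :' child --pw-stdin >/dev/null 2>&1 &
    report_and_stop "$!"
}

echo "as argument: $(run_with_argv)"
echo "on stdin:    $(run_with_stdin)"
```

The same `secret_in_argv` check can be pointed at the PID of a real autostart script to confirm that a wallet-fed password never shows up in the process list.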
Applications
#!/usr/bin/env bash
# set -xv
# exec 1>~/keepass.sh.log 2>&1
echo opening KeepassXC ...
kwallet-query -f 'keepass' -r 'keepass' kdewallet | keepassxc --pw-stdin ~/cloud/pwd/pwd.kdbx &
echo opening volume geschäftlich ...
kwallet-query -f 'volumes' -r 'geschaeftlich' kdewallet | sirikali -b stdin -d /media/daten/.geschaeftlich/ -z /home/dirkwagner/geschaeftlich/ &
echo opening volume privat ...
kwallet-query -f 'volumes' -r 'privat' kdewallet | sirikali -b stdin -d /media/daten/.privat/ -z /home/dirkwagner/privat/ &
Links
Internal
TODO