Pidgin can save passwords in KWallet

Pidgin is a multi-protocol multi-account instant messenger based on GTK. Although I am a KDE user myself, I like Pidgin more than KDE’s instant messenger (Kopete) – for reasons that I will not discuss here. Still, I hope Kopete will get better eventually.

I use 3 accounts simultaneously with Pidgin and having 3 password pop-up boxes every time I start it is quite daunting. It kindly offers to remember the passwords for me but it uses a plaintext file for that (the same file it saves the account data in).

If “Remember password” is checked for one of the accounts, just try something like the command below and you (and anyone else who has access to your files) can see the password.

grep 'password' ~/.purple/accounts.xml
Result:
<password>yourpassword</password>

I don’t think that’s OK, not even for my box at home, let alone the one at the office. At home it is a bit paranoid, I agree, but at work there is a good chance that someone would need access to my box so I would have to give them the user or root password, or they could just use a live CD, or any other means of getting access to the files. So I implemented a Pidgin plugin that allows saving the passwords in KWallet. KWallet is a secure storage system for sensitive data such as passwords. Besides the C/C++ API it offers a decent DBus interface which applications can use to store and retrieve data (my plugin uses it too).

Using LibPurple-KWallet-plugin

Saving the passwords is just as elegant as the built-in method. In fact, once the plugin is installed, the passwords are saved automatically on connect for each account and read back from the storage the next time they are needed. The “Remember password” check-box must be left unchecked, otherwise the passwords will also be saved in the plaintext file!

Pidgin Asks for Access to the KWallet
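
One way to check that no account still has a password in the plaintext file after switching to the plugin. This is an added example, not part of the plugin or the original post; only the <password> element appears above, so the other element names, the nesting and the sample data are assumptions.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample. Only the <password> element is shown on the page;
# the other element names and the nesting are assumptions.
SAMPLE = """<account version='1.0'>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>alice@example.org/Home</name>
    <password>yourpassword</password>
  </account>
  <account>
    <protocol>prpl-irc</protocol>
    <name>alice@irc.example.net</name>
  </account>
  <account>
    <protocol>prpl-icq</protocol>
    <name>123456</name>
    <password></password>
  </account>
</account>
"""

def plaintext_accounts(xml_data):
    """Return (protocol, name) for each account with a non-empty <password>.

    The password itself is never returned or printed.
    """
    found = []
    for acct in ET.fromstring(xml_data).iter("account"):
        pw = acct.find("password")  # direct child only
        if pw is not None and (pw.text or "").strip():
            found.append((acct.findtext("protocol", "?"),
                          acct.findtext("name", "?")))
    return found

def readable_by_others(path):
    """True if the group or other read bits are set on the file."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

def audit(path=os.path.expanduser("~/.purple/accounts.xml")):
    """Audit a real accounts file: (accounts with a password, too-open mode)."""
    with open(path, "rb") as fh:  # bytes, so the XML declaration is honoured
        return plaintext_accounts(fh.read()), readable_by_others(path)

if __name__ == "__main__":
    print(plaintext_accounts(SAMPLE))
```

An empty list from audit() means every password now lives only in KWallet; any account it lists still has “Remember password” checked.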

Installation

Installation is simple. KDE and KWallet are required, and installing them is easy on most Linux distributions (as simple as running emerge kwallet on Gentoo or sudo apt-get install kwalletmanager on Ubuntu; make sure the installed software is part of KDE 4.x). Once you have that installed, just copy the plugin file to the plugins directory:

mkdir -p ~/.purple/plugins && cd ~/.purple/plugins/ && wget http://gitorious.org/libpurple-kwallet-plugin/libpurple-kwallet-plugin/blobs/raw/master/libpurple_kwallet_plugin.pl

Or you can use your favourite browser for it, just save the file in ~/.purple/plugins/.

Restart Pidgin so that the file is picked up. If all works well, the plugin should show up in the plugins list, accessible via the Tools > Plugins menu in the Buddy List or with Ctrl + U; enable the KWallet plugin there.

Pidgin Plugins List

In case it doesn’t show … there might be a missing dependency on the system. In Gentoo I installed the dev-perl/Net-DBus package, maybe there is a similar one in your distribution.

In Ubuntu there should be a package like libnet-dbus-perl that you can install, so you could try:

sudo apt-get install libnet-dbus-perl

or use the package manager you like to install it.

In Fedora the package should be named perl-Net-DBus and you will also need pidgin-perl so you could try something like:

sudo yum install perl-Net-DBus pidgin-perl

(thanks to Kyle Kinkaid for the info).

Don’t forget to restart Pidgin after that and enable the plugin.

After enabling the plugin the passwords will be saved into KWallet the first time you enter them and then read from the storage every time they are needed. You will only need to enter the KWallet password to open the safe storage.

If you want to modify a password for an account just disable the account by using the accounts menu from the Buddy List and then enable it again. The password prompt will appear allowing you to enter the new password. On successful connection the new password will be saved to the safe storage.

If you want to see/edit the saved passwords you can use the KWallet Manager application. It adds an icon in the tray. Click on that, open the default wallet (usually called kdewallet) and there you can see all the data saved into it. The Pidgin passwords are in the libpurple folder.

KWallet Manager Showing the Default Wallet

If you want to uninstall the plugin

If you don’t want to use the plugin anymore (do you?) just disable it or remove it from ~/.purple/plugins/. The passwords in KWallet can be removed by using the KWallet Manager.

Other places where this plugin can be found

  1. This plugin has a bug.
    April 15, 2011 at 18:49 | #1

    Please note, this plugin doesn’t start kwalletd by itself.
    So unless kwalletd is already loaded, this plugin fails to open a wallet.

    • April 17, 2011 at 15:18 | #2

      Yes, you are right. I applied your patch and now the daemon is started, thank you!

  2. June 10, 2011 at 11:58 | #3

    There is one problem with this: it doesn’t ask you whether you want to open the local or the network wallet and always defaults to the local one. For me it’s a huge problem, because I use my network wallet for transferring passwords to other PCs (encrypted with OpenSSL, of course). So when it’s saved in the local wallet, I lose it each time I need to switch to another PC.

    Oh, and just for reference, on OpenSUSE 11.4 the dependency is named perl-Net-DBus.

    • June 12, 2011 at 16:40 | #4

      Added a feature – the wallet to use can be chosen in the plugin configuration dialog (Tools > Plugins, select the KWallet plugin then click “Configure plugin”). Don’t forget to download the latest version first.

      Thank you for reporting this and please let me know if this update works as expected.

      • June 16, 2011 at 13:59 | #5

        I’ve tested this out for a while, and while this feature seems to work fine, for some reason Pidgin sometimes starts with the plugin disabled. Or maybe it gets disabled if it doesn’t get an answer from KWallet after some time? I can’t tell for now.

    • June 16, 2011 at 20:13 | #6

      I’m glad the new feature works fine. If you can help me to reproduce the bug I will try to solve it. The behaviour should be that if there is no answer from KWallet (request denied, kwalletd lock or unable to start) the normal password dialog should be shown, but not disable the plugin. However sometimes this bug appears https://bugs.kde.org/show_bug.cgi?id=254198

      • June 26, 2011 at 11:01 | #7

        Every time I waited long enough for it to show the password dialog so far made it disable the plugin, so I’d say it’s reproducible in my case. And it doesn’t seem to be related to that bug (although there are two programs trying to access it, Amarok and Pidgin), since it doesn’t lock up. It works fine for both applications if I enter it fast enough and works fine after I re-enable the plugin if I don’t enter it fast enough.

      • July 15, 2011 at 22:32 | #8

        Fixed the issue with the plugin being disabled when the user did not enter the password quickly enough. That also avoids conflicts with other applications requesting access to KWallet. Once again thank you for testing.

  3. Kyle Kinkaid
    October 18, 2012 at 21:01 | #9

    Hi, for some reason, I cannot get pidgin to show the plugin. I use Fedora 16 with Pidgin 2.10.5. I downloaded the libpurple_kwallet_plugin.pl file then created the plugins directory under .purple (it didn’t exist previously) and placed the .pl file there. I also installed via yum perl-Net-DBus and the Purple module from CPAN but the plugins list is empty. Just to check, I run the .pl file via perl and there are no errors. Any ideas? Thanks.

    • greatemerald1
      October 20, 2012 at 00:16 | #10

      Check Pidgin’s log. The plugin definitely still works to this day, because I reinstalled it literally yesterday (though it was on openSUSE).

      • October 20, 2012 at 00:26 | #11

        It’s all right, we’ve solved it. The Purple CPAN module had to be removed (doesn’t have anything to do with Pidgin or LibPurple) and a package called pidgin-perl (that has libpurple-perl as a dependency) had to be installed. I’ve also updated the post to reflect that. Thank you both for your feedback.

  4. March 16, 2013 at 13:36 | #12

    Awesome app. However, the behaviour is non-standard. If the user does not want to save the password for a particular account, he cannot do it. I can think of two options for handling this case.

    1. In configure plugin options, give an option whether password is saved automatically on login or when remember password option is selected (in the latter case remember password should not save the password to file).

    2. The second better alternative is that an additional option “Save password in kwallet” should be presented in the password prompt dialog. Only if the user selects this option will it be saved to Kwallet. I don’t think this is much effort though.

    • March 17, 2013 at 11:21 | #13

      Unfortunately, the best that I can do is put options in the plugin config, per account, that can prevent the save of the password in KWallet (and have it unchecked by default). From the plugin I can’t control the password save form or the fact that if “Remember password” is checked it will save it to the file.

      • March 17, 2013 at 15:27 | #14

        Not the most preferable way but if that option is added, at least the user can decide which passwords he wants to have saved to kwallet. However, you might want to check with the developers if one of the previous options is not really feasible.

  5. April 4, 2013 at 05:43 | #15

    I see a security bug with your plugin (using the latest one with Pidgin 2.10.6). I enable “save password” and it stores it in KWallet, however the password is also being stored in ~/.purple/accounts.xml in unencrypted form at the same time! Which defeats the purpose of the plugin. Am I missing something here?

    • April 4, 2013 at 11:19 | #16

      Did you check the “Remember password” check-box? It should be off, or else the passwords will be saved in the plain text file also.

      • April 4, 2013 at 19:06 | #17

        I checked it off, but then the plugin doesn’t save anything in the KWallet and I have to enter the password every time. Quite confusing.

    • April 4, 2013 at 20:26 | #18

      It should have saved it if the plugin was active. You can run Pidgin from the command-line with ‘pidgin -d’ to see debug messages. You should also enable the debug window (Help > Debug Window in the Buddy List window). The messages there should give you clues about why it is not working properly.

      • April 21, 2013 at 04:44 | #19

        Here is a trace from the log: http://pastie.org/7677833

        ( was the actual XMPP id). For some reason it doesn’t want to store it since it thinks it’s “empty” (but it’s not empty of course).

  6. April 4, 2013 at 11:32 | #20

    It seems the Pidgin devs have some Google Summer of Code projects that should address the issue of passwords saved in plain-text. They didn’t merge it yet (and it’s from 2008). I hope they do eventually, there are some things plugins can’t touch … in which case some sort of “hacks” are needed (like not checking “Remember password” or adding a plugin config section for excluding passwords for some accounts from being saved to KWallet). I would be happy with those changes even if this plugin will then be obsolete.

    Another issue is … I can’t make any plugin work with Pidgin after upgrading to Perl 5.16. Created a ticket https://developer.pidgin.im/ticket/15377 – no useful response in a few months now. Maybe it’s just my Gentoo (having this on 3 machines, on both 32 and 64 bits). Do you have this issue (do you have Perl 5.16 that is)?

  7. April 4, 2013 at 11:50 | #21

    While on this subject, what about IRC password saving? The problem with that is that I can’t have it saved in KWallet, as connecting to IRC does not bring up the password prompt (as IRC passwords are optional), and entering the password in the account settings (without checking the remember box) doesn’t seem to save it in KWallet.
