Pidgin can save passwords in KWallet
Pidgin is a multi-protocol multi-account instant messenger based on GTK. Although I am a KDE user myself, I like Pidgin more than KDE’s instant messenger (Kopete) – for reasons that I will not discuss here. Still, I hope Kopete will get better eventually.
I use 3 accounts simultaneusly with Pidgin and having 3 password pop-up boxes every time I start it is quite daunting. It kindly offers to remember the passwords for me but it uses a plaintext file for that (the same file it saves the accounts data in).
If “remember password” is checked for one of the accounts just try something like the command below and you (and other people who have access to your files) can see it.
grep 'password' .purple/accounts.xml result: <password>yourpassword</password>
I don’t think that’s ok, not even for my box at home let alone the one at the office. At home it is a bit paranoia, I agree, but at work there are good chances that someone would need access to my box so I would have to give them the user or root password, or they could just use a live cd, or any other means of getting access to the files. So I implemented a Pidgin plugin that allows saving the passwords in KWallet. KWallet is a secure storage system for sensitive data such as passwords. Besides the C/C++ API it offers a decent DBus interface which applications can use to store and retrieve data (my plugin uses it too).
Saving the passwords is just as elegant as the built-in method. In fact, once the plugin is installed the passwords are saved automatically on connect for each account and reused from the storage the next time they are needed. The remember password check-box should be off else the passwords will be saved in the plain text file also!
The installation is very simple. Needless to say KDE and KWallet are required – installing is very simple on most of the Linux distributions (as simple as running
emerge kwallet on Gentoo or
sudo apt-get install kwalletmanager in Ubuntu; make sure the installed software is part of KDE 4.x). Once you have that installed just copy the plugin file to the plugins directory
cd ~/.purple/plugins/ && wget http://gitorious.org/libpurple-kwallet-plugin/libpurple-kwallet-plugin/blobs/raw/master/libpurple_kwallet_plugin.pl
Or you can use your favourite browser for it, just save the file in
Restart Pidgin so that the file is picked-up. If all works well the plugin should show up in the plugins list: accessible via the Tools > Plugins menu in the Buddy List or Ctrl + U; there enable the KWallet plugin.
In case it doesn’t show … there might be a missing dependency on the system. In Gentoo I installed the
dev-perl/Net-DBus package, maybe there is a similar one in your distribution.
In Ubuntu there should be a package like
libnet-dbus-perl that you can install, so you could try:
sudo apt-get install libnet-dbus-perl
or use the package manager you like to install it.
In Fedora the package should be named
perl-Net-DBus and you will also need
pidgin-perl so you could try something like:
sudo yum install perl-Net-DBus pidgin-perl
(thanks to Kyle Kinkaid for the info).
Don’t forget to restart Pidgin after that and enable the plugin.
After enabling the plugin the passwords will be saved into KWallet the first time you enter them and then read from the storage every time they are needed. You will only need to enter the KWallet password to open the safe storage.
If you want to modify a password for an account just disable the account by using the accounts menu from the Buddy List and then enable it again. The password prompt will appear allowing you to enter the new password. On successful connection the new password will be saved to the safe storage.
If you want to see/edit the saved passwords you can use the KWallet Manager application. It adds an icon in the tray. Click on that, open the default wallet (usually called kdewallet) and there you can see all the data saved into it. The Pidgin passwords are in the liburple folder.
If you want to uninstall the plugin
If you don’t want to use the plugin anymore (do you?) just disable it or remove it from
~/.purple/plugins/. The passwords in KWallet can be removed by using the KWallet Manager.
Other places where this plugin can be found
- KDE-Apps.org at http://kde-apps.org/content/show.php/Libpurple+KWallet+Plugin?content=127658
- Gitorious project and version control (Git) repository at http://gitorious.org/libpurple-kwallet-plugin/