How do I get rid of excessive password prompts, with the least amount of lost security?
I understand they are important and are what makes linux relatively secure compared to windows.
However, when I boot my PC, I don't want to spend a whole minute to type my password into different promts that keep getting hidden behind other windows that are starting up. I am using Nobara KDE now, but previously when I was using Pop!_OS, none of these prompts showed up.
Currently I have 2 prompts after logging on. One for my keychain when discord autostarts, and one for flatpak when gpu-screen-recorder launches. Interestingly, discord works just fine, with auto logon, regardless of whether the keychain prompt gets canceled or filled with the password.
Any idea on how to get rid of them? I'd prefer if really only that startup prompt was gone, and it would still ask me for the password whenever it launches any other way.
Personally, I've relied on an OnlyKey for a few years (with backups and an extra fallback device) and haven't needed to type passwords since. This doesn't help with the number of prompts, but it does make them easier to dismiss.
I do use autologin, but I don't use a system wallet (only KeePassXC, which I do need to unlock manually). Autologin with system wallets can be tricky, but I've had some luck setting it up in the past. You might want to check out this wiki for PAM configuration.
Yeah for me it's been great and I do essentially leave it plugged in the whole time I'm using my PC (attached to my keys). It does require a pin entered each boot, so leaving it in would still offer security. But as someone else mentioned getting kwallet PAM working would make things easier in any case
Idk about the gpu screen recorder but for the keychain for Discord if you disable the KDE wallet subsystem (which is just in the kde system settings) it should stop asking. it’s never caused me an issue and made the discord popup go away. its a dirty solution but its what worked for me.
I'll disable it and see what happens next reboot. Earlier I tried some flag when launching discord that was supposed to make the prompt go away but that didn't work. Thanks for that tip.
edit: awesome! this worked. now I just need to figure out flatpak and the screen recorder :D
I had a similar problem, but its not clear what password prompts you are using, as I dont use these software.
But I guess they have different causes.
You have saved Wifi networks and all just working and will not have borked your Kwallet. But for completion, for auto-unlock kwallet needs to
use blowfish
use an empty or your login password
the wallet needs to be set as default in the systemsettings page (really confusing as the rest is done in the apps window)
But discord may use Gnome keyring, and I think there is no integration to autounlock that on KDE which sucks, as Spotube (I think) and some other apps use it too. You may want to disable keystore if that doesnt log you out.
The other thing with gpu-screen-recorder will probably be a polkit prompt because the app wants access to... you know GPU stuff.
I made a script to fix these prompts by automatically allowing certain polkit actions for users in the wheel group when logged in and not over ssh. Thats basic polkit config. You can add more for things like updating the system, opening kde-partitionmanager, opening virt-manager (this is fixed by adding the user to the libvirt group), mounting and unlocking LUKS drives.
You get the name of the process (hopefully not just "sudo do that" by clicking on "details" in the KDE polkit prompt
So yeah so much without any actual description of the problem or just screenshots of the dialogs and a list of the apps.
For easy debug info targeted towards KDE bugs, i created sysinfo, similar to KDEs kinfo but better and with the option to append app names, package manager query etc.
in case you're wondering about discord specifically, turning off the KDE wallet subsystem in the system settings worked for me, since I didn't use it anyways.