Closed Bug 236510 Opened 21 years ago Closed 20 years ago

constant annoying master password prompts

Categories

(MailNews Core :: Backend, defect)

Product:
MailNews Core
Component:
Backend
Version:
1.0 Branch
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 247417

People

(Reporter: nelson, Assigned: Bienvenu)

References

Details

(Keywords: regression)

Recently, for the first time ever, I enabled mozilla's preferences to - remember passwords - Use encryption when storing sensitive data I have saved passwords for a couple web sites that I visit only about twice each year, and for an NNTP server that I visit even less often. I have not configured it to remember passwords for ANY email servers. I have 3 mail accounts and 4 news servers configured. None of the mail accounts is configured to fetch mail automatically at startup. One of the POP email accounts is configured to fetch email every 10 minutes. The rest are configured to NOT fetch mail on a periodic basis. None of the NNTP accounts is configured to check for new messages every so-many minutes. Ever since then, when I fire up mozilla, and visit any of the news servers that I have configured. I begin to get master password prompts. The prompts do NOT say why they're wanted. That is, the prompt doesn't say that it's looking for a password for a certain web site, or for a mail server, or for a certain news server - it just asks for the master password. It shouldn't be prompting me for the master password for the one email site that is configured to check mail every 10 minutes, since I do not have a password saved for that or any mail server. These prompts appear many times each hour. Sometimes they seem to occur twice in rapid succession. At other times, they seem to occur irregularly. When the password prompt appears, it steals focus, so whatever I'm typing at the time goes into the password prompt's text box, rather than into whatever page I was typing in at the time. Once this starts, the ONLY way to stop it from recurring is to shutdown mozilla, and then restart it, and avoid reading any news. mozilla will then be content to not ask for a master password again until I read news again. Boy! is this irritating. I'm beginning to think the only solution is to turn off saving of passwords.
Nelson, Are you running NSS in FIPS mode by any chance ? Or explicitly logging out the softoken ? Normally the softoken is supposed to stay logged in, unless you are in FIPS mode, in which case you get prompted every time a key is needed, and it can be very annoying indeed. That's consistent with what I have seen. It's certainly true that PSM should tell you why it needs token access, though.
No, not FIPS mode.
-> Wallet
Assignee: kaie → dveditz+bmo
Component: Client Library → Password Manager
Product: PSM → Browser
Version: 2.4 → 1.0 Branch
This is mailnews. Once you've visited a news site you've loaded the mail code. The server you've got set to check mail every 10 minutes is firing off a call to wallet to see if we've got a password. Despite a comment in nsMsgBiffManager::PerformBiff saying // so if we need to be authenticated to biff, check that we are // (since we don't want to prompt the user for password UI) The call to wallet causes a prompt in order to unencrypt the passwords to see if we have one of theirs. As mentioned in bug 245813 when we *do* check for passwords this way it's pretty painful if you don't want to enter the master password.
Component: Password Manager → Mail Back End
Depends on: 245813
Product: Browser → MailNews
mailnews isn't putting a password prompt up - wallet is prompting for its own password. Is there a way to tell wallet not to put up the password prompt for the password db itself?
This regressed in November 2003 with check-in 1.48 of nsMsgBiffManager.cpp to fix bug 219162. I'm not sure the wallet call FindPasswordEntry is implemented in a sane way, but it's been that way forever and should have been changed last fall when mail started wanting it to behave differently. See also bug 245813.
Assignee: dveditz → bienvenu
Keywords: regression
In comment 4, Daniel wrote: > The server you've got set to check mail every 10 minutes is firing off a > call to wallet to see if we've got a password. What bothers me is that the behavior WITH wallet in use is SO different that when it was not in use. With no saved password, the behavior was that the 10-minute retries did not APPARENTLY begin until I logged in manually first. I was NOT being asked for the server password every 10 minutes, or EVER, until I manually logged into the server the first time in the session. Once I logged into the server manually, then it started checking every 10 minutes. This seems like exactly the right behavior! Now, with password manager enabled, it's asking me for the Master Password for a server to which I have not logged in, even though I am not attempting and have not attempted to access that server initially. I'm trying to read news. My expectation was set by the behavior without wallet. I expect to be prompted for the Master PW exactly as often as I was being prompted for the server password when I didn't use wallet. So, *why* the behavior *with* wallet is SO DIFFERENT than the behavior *without* wallet escapes me.
I wasn't saying your expectation was wrong, I'm trying to understand what's going on here. It looks like wallet changed slightly as well, and the combination of the changed call in Biff and the enumeration change in wallet had bad results. Mail is asking "give me the password if we happen to have it already" for the express purpose of *avoiding* a prompt, and if passwords are encrypted wallet prompts while trying to see if we have one. Obviously counter-productive, but I'm not sure there's a better wallet API to use. Assuming we changed wallet such that FindPasswordEntry() did not prompt on non-matching hosts (we should), since it's being asked for the password it would still have to prompt when it did find the host.
does fixing bug 247417 fix this? Can I dup this against that bug?
I will attempt to retest this bug with a patched browser and see if the fix for 247417 also addresses this.
Previously, to work around this bug, I had - disabled the "fetch new mail every N minutes" feature in all email accounts, - deleted the stored passwords for all news servers After I restored those features/passwords, I was once-again able to reproduce the problem with older builds, but not with the nightly build from 20040727. So, yes, I believe this bug is now fixed.
duping, thx, Nelson. *** This bug has been marked as a duplicate of 247417 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Product: MailNews → Core
Blocks: 419354
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.