Closed Bug 236510 Opened 20 years ago Closed 20 years ago

constant annoying master password prompts

Categories

(MailNews Core :: Backend, defect)

Product:
MailNews Core
Component:
Backend
Version:
1.0 Branch
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 247417

People

(Reporter: nelson, Assigned: Bienvenu)

References

Details

(Keywords: regression) 

Recently, for the first time ever, I enabled mozilla's preferences to 
  - remember passwords
  - Use encryption when storing sensitive data

I have saved passwords for a couple web sites that I visit only about 
twice each year, and for an NNTP server that I visit even less often.  
I have not configured it to remember passwords for ANY email servers.

I have 3 mail accounts and 4 news servers configured.  None of the mail 
accounts is configured to fetch mail automatically at startup.  One of 
the POP email accounts is configured to fetch email every 10 minutes.
The rest are configured to NOT fetch mail on a periodic basis.  
None of the NNTP accounts is configured to check for new messages every
so-many minutes.

Ever since then, when I fire up mozilla, and visit any of the news servers
that I have configured. I begin to get master password prompts.  The prompts
do NOT say why they're wanted.  That is, the prompt doesn't say that it's 
looking for a password for a certain web site, or for a mail server, or for 
a certain news server - it just asks for the master password.  It shouldn't
be prompting me for the master password for the one email site that is 
configured to check mail every 10 minutes, since I do not have a password
saved for that or any mail server.

These prompts appear many times each hour.  Sometimes they seem to occur 
twice in rapid succession.  At other times, they seem to occur irregularly.  

When the password prompt appears, it steals focus, so whatever I'm typing 
at the time goes into the password prompt's text box, rather than into 
whatever page I was typing in at the time.

Once this starts, the ONLY way to stop it from recurring is to shutdown 
mozilla, and then restart it, and avoid reading any news.  mozilla will then 
be content to not ask for a master password again until I read news again.

Boy! is this irritating.  I'm beginning to think the only solution is to 
turn off saving of passwords.
Nelson,

Are you running NSS in FIPS mode by any chance ? Or explicitly logging out the
softoken ? Normally the softoken is supposed to stay logged in, unless you are
in FIPS mode, in which case you get prompted every time a key is needed, and it
can be very annoying indeed. That's consistent with what I have seen.
It's certainly true that PSM should tell you why it needs token access, though.

No, not FIPS mode.
-> Wallet
Assignee: kaie → dveditz+bmo
Component: Client Library → Password Manager
Product: PSM → Browser
Version: 2.4 → 1.0 Branch
This is mailnews. Once you've visited a news site you've loaded the mail code.
The server you've got set to check mail every 10 minutes is firing off a call to
wallet to see if we've got a password. Despite a comment in
nsMsgBiffManager::PerformBiff saying

      // so if we need to be authenticated to biff, check that we are
      // (since we don't want to prompt the user for password UI)

The call to wallet causes a prompt in order to unencrypt the passwords to see if
we have one of theirs.

As mentioned in bug 245813 when we *do* check for passwords this way it's pretty
painful if you don't want to enter the master password.
Component: Password Manager → Mail Back End
Depends on: 245813
Product: Browser → MailNews
mailnews isn't putting a password prompt up - wallet is prompting for its own
password. Is there a way to tell wallet not to put up the password prompt for
the password db itself?
This regressed in November 2003 with check-in 1.48 of nsMsgBiffManager.cpp to
fix bug 219162.

I'm not sure the wallet call FindPasswordEntry is implemented in a sane way, but
it's been that way forever and should have been changed last fall when mail
started wanting it to behave differently. See also bug 245813.
Assignee: dveditz → bienvenu
Keywords: regression
In comment 4, Daniel wrote:

> The server you've got set to check mail every 10 minutes is firing off a 
> call to wallet to see if we've got a password.

What bothers me is that the behavior WITH wallet in use is SO different
that when it was not in use.  

With no saved password, the behavior was that the 10-minute retries did not
APPARENTLY begin until I logged in manually first.  I was NOT being asked 
for the server password every 10 minutes, or EVER, until I manually logged
into the server the first time in the session.  Once I logged into the
server manually, then it started checking every 10 minutes.  This seems 
like exactly the right behavior!

Now, with password manager enabled, it's asking me for the Master Password
for a server to which I have not logged in, even though I am not attempting
and have not attempted to access that server initially.  I'm trying to 
read news.  

My expectation was set by the behavior without wallet.  I expect to be
prompted for the Master PW exactly as often as I was being prompted for
the server password when I didn't use wallet.  So, *why* the behavior 
*with* wallet is SO DIFFERENT than the behavior *without* wallet escapes me.
I wasn't saying your expectation was wrong, I'm trying to understand what's
going on here. It looks like wallet changed slightly as well, and the
combination of the changed call in Biff and the enumeration change in wallet had
bad results.

Mail is asking "give me the password if we happen to have it already" for the
express purpose of *avoiding* a prompt, and if passwords are encrypted wallet
prompts while trying to see if we have one. Obviously counter-productive, but
I'm not sure there's a better wallet API to use. Assuming we changed wallet such
that FindPasswordEntry() did not prompt on non-matching hosts (we should), since
it's being asked for the password it would still have to prompt when it did find
the host.
does fixing bug 247417 fix this? Can I dup this against that bug?
I will attempt to retest this bug with a patched browser and see if the 
fix for 247417 also addresses this.
Previously, to work around this bug, I had 
 - disabled the "fetch new mail every N minutes" feature in all email accounts,
 - deleted the stored passwords for all news servers
After I restored those features/passwords, I was once-again able to reproduce
the problem with older builds, but not with the nightly build from 20040727.
So, yes, I believe this bug is now fixed.  
duping, thx, Nelson.

*** This bug has been marked as a duplicate of 247417 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Product: MailNews → Core
Blocks: 419354
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.