News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Going from Mint 18.3 to Mint 18.2

    Posted on MrJimPhelps Comment on the AskWoody Lounge

    Home Forums AskWoody support Non-Windows operating systems Linux – all distros Going from Mint 18.3 to Mint 18.2

    Viewing 2 reply threads
    • Author
      Posts
      • #2169821 Reply
        MrJimPhelps
        AskWoody_MVP

        I have Linux Mint 18.3 Cinnamon on my laptop, but I have decided to do a clean install of 18.2 XFCE for the following reasons:

        * Keyring — I am fed up with the “Keyring” business. I know it is a password database, but I have no idea how to disable it. About the only thing I have read that tells me how to stop the prompt from appearing is to put a blank password. Of course, if I do that, any passwords I have stored will be wide open to hackers, so that isn’t a solution.

        I believe “Keyring” is somehow related to Chrome, because the issue started when I installed Opera, which is based on Chromium. But I can’t find out how to uninstall Opera, although I have tried the uninstall command in the Terminal window, and Opera shows as not being installed in the Software Manager. Yet I am browsing with Opera regularly.

        (This is one of those challenges you face with Linux that doesn’t exist with Windows.)

        “Keyring” evidently started with Mint 18.3, because I never see any “keyring” prompt in 18.2 (I have 18.2 installed on my main computer, and I use Opera all the time on that computer.)

        * Updates — If there are level 1, 2, or 3 updates to install, Update Manager lets me know in the indicator on the task bar. At least that’s how it is supposed to work. Mint 18.3 Update Manager tells me when there are ANY updates to install (even if they are only level 4 or 5). I can’t find a way to limit the notification to level 1, 2, and 3 updates. I therefore have to continually open Update Manager to see what updates are in the list.

        * Passwords — I can pick an easy password in 18.2; but 18.3 won’t let me do that; it forces me to pick a more secure password. There is nothing secure on my laptop, and sometimes other people use the laptop. For this reason I would like to pick something akin to “xyz” or “123”, but it won’t let me, because it isn’t “secure enough”. Why not leave that up to me to decide?

        I know what you’re thinking: why don’t I try the newest version of Linux Mint? I actually did install the newest Mint at first, a few months ago; but there were things I didn’t like about it, so I went with 18.3. (I don’t recall what those things were.) I’m guessing that the above objections don’t get any better in newer versions of Mint (except maybe the one about updates).

        18.2 is pretty much flawless on my main computer, so I will go with it on my laptop.

        Group "L" (Linux Mint)
        with Windows 8.1 running in a VM
      • #2169830 Reply
        JohnW
        AskWoody Plus

        * Keyring — I am fed up with the “Keyring” business. I know it is a password database, but I have no idea how to disable it. About the only thing I have read that tells me how to stop the prompt from appearing is to put a blank password. Of course, if I do that, any passwords I have stored will be wide open to hackers, so that isn’t a solution.

        I believe “Keyring” is somehow related to Chrome, because the issue started when I installed Opera, which is based on Chromium. But I can’t find out how to uninstall Opera, although I have tried the uninstall command in the Terminal window, and Opera shows as not being installed in the Software Manager. Yet I am browsing with Opera regularly.

        (This is one of those challenges you face with Linux that doesn’t exist with Windows.)

        “Keyring” evidently started with Mint 18.3, because I never see any “keyring” prompt in 18.2 (I have 18.2 installed on my main computer, and I use Opera all the time on that computer.)

        I replied to another thread on this topic last year: https://www.askwoody.com/forums/topic/unlock-keyring-in-opera-on-linux-mint/#post-1862350

        After doing some testing, it appeared to be exactly related to whether or not you use auto-login for Mint, or enter your Mint user password at the start of a Mint session.

        If you auto-login to Mint, then you will be challenged by the “Keyring” prompt each time you start a Chromium based browser.

        If you have entered a Mint user password at boot, you will not receive the “Keyring” prompt.

        One suggested workaround for the “Keyring” prompt is to enter a blank password. I think a better solution would be to enter the Mint user password at this point. Either way you will not be prompted again for the remainder of the browser session.

         

        • #2169854 Reply
          MrJimPhelps
          AskWoody_MVP

          I enter a password whenever I log on to Mint; I don’t use auto-logon. Nevertheless, whenever I run Opera, I get a Keyring prompt.

          Group "L" (Linux Mint)
          with Windows 8.1 running in a VM
          • #2169867 Reply
            JohnW
            AskWoody Plus

            In my case I was testing from a VirtualBox VM install (Mint 18.3) and a USB flash thumbdrive install (Mint 19.1).

            I wouldn’t expect the results to be any different with those than from a hard drive install, but who knows? However, I did get consistent results with both Chrome and Opera.

            Do your results vary if you log off from your Mint user session (not shutdown), and log back on?

            • #2170824 Reply
              MrJimPhelps
              AskWoody_MVP

              I didn’t try to log off and back on, so I can’t say. And I’ve already gone back to Mint 18.2, so I won’t be able to test it.

              My thought is that Google started the Keyring stuff about the time that Mint was developing 18.3, and so the Mint folks included Keyring code in 18.3. And Opera, based on Chromium, is triggering the Keyring prompts.

              By the way, I’m back on 18.2, and everything is working beautifully.

              Group "L" (Linux Mint)
              with Windows 8.1 running in a VM
      • #2169902 Reply
        Ascaris
        AskWoody_MVP

        If you wish to go back to 18.2, that is, of course, your choice, since all editions of Mint 18.x will be supported for years to come.  You can upgrade to new versions if you find they have compelling new features, and if not, you can use the older version and still get security updates (Take note, Microsoft, this is how you do it.)  Still, some of your concerns can be addressed, perhaps.

        * Keyring — I am fed up with the “Keyring” business. I know it is a password database, but I have no idea how to disable it. About the only thing I have read that tells me how to stop the prompt from appearing is to put a blank password. Of course, if I do that, any passwords I have stored will be wide open to hackers, so that isn’t a solution.

        If selecting a null password would mean that the passwords are stored in plain text on your PC, they would be potentially vulnerable if you got malware on the system (which is pretty much a “you’ve already lost” situation) or if someone got ahold of your PC physically.  This suggests a few questions, though.  Would the old system that didn’t ask for the keyring password at each use have been any more secure than this?  Without knowing the specifics of what has changed, it’s hard to really tell what the change in security risk would be.  If the old system was storing passwords in plain text, it wouldn’t be any worse to do that with a null password, and if the new system still encrypts the password store with a salted hash based the user password rather than with (for example) a salted hash of the user password and the keyring password, then it would not be wide open just because you used a null password for the keyring.

        I know what you mean about the annoyance with this.  Since my preferred browser, Waterfox, is based on Firefox, and Firefox seems to be determined to follow its “copy Chrome” strategy right to its own demise, I’ve been testing some Chromium-based browsers, especially Vivaldi, and they did all trigger a prompt to unlock the KDE wallet, and I do not use the KDE wallet for any other purpose.

        Even if I were using a Chromium variant, on all of my PCs, the data volume is encrypted with a strong password I enter at boot time, and that data volume is where the password stores for each browser are stored.  The wallet is redundant.

        In KDE, you can just uncheck the box for “Enable Wallet,” and it’s disabled, which I have done.  I don’t know how Cinnamon does it, but something has to be there to disable it, or to cause it to automatically unlock at the time you log into your user account.  It could be in the dconf settings somewhere.

        I believe “Keyring” is somehow related to Chrome, because the issue started when I installed Opera, which is based on Chromium. But I can’t find out how to uninstall Opera, although I have tried the uninstall command in the Terminal window, and Opera shows as not being installed in the Software Manager. Yet I am browsing with Opera regularly. (This is one of those challenges you face with Linux that doesn’t exist with Windows.)

        It’s related to Chromium in that Chromium variants use it, but the keyring itself is part of Mint.

        If you installed Opera using the package manager, it will be uninstallable the same way in the same way that a Windows program that was installed using MSI will be uninstallable using the “add or remove program” UI.  If you used another means to install Opera, like a script or .run file, or if it came in a tarball that you manually extracted, it will not show up in the package manager.  This is the same in Windows… if you get the non-installer version of a program in Windows (usually in a .zip file), it won’t appear in the list of installed programs in the “add or remove programs” section either.  These will have to be deleted manually.

        * Updates — If there are level 1, 2, or 3 updates to install, Update Manager lets me know in the indicator on the task bar. At least that’s how it is supposed to work. Mint 18.3 Update Manager tells me when there are ANY updates to install (even if they are only level 4 or 5). I can’t find a way to limit the notification to level 1, 2, and 3 updates. I therefore have to continually open Update Manager to see what updates are in the list.

        The “level” system in Mint is flawed, and while I initially likened the idea to Woody’s MS-DEFCON, it differs in one important way… the level of an update never changes.  A level 5 update (the most “dangerous” level) is always level 5, even after it has been vetted and not caused any problems.  MS-DEFCON changes in response to reported problems, but the Mint level never did.  The level of each update was based only on what component it was updating, not whether there had actually been any reported issues with it.  It’s misleading, and that’s why Mint has abandoned the concept in favor of integrating Timeshift with the software updater to easily create restore points that can be used in the unlikely event that anything goes wrong.

        * Passwords — I can pick an easy password in 18.2; but 18.3 won’t let me do that; it forces me to pick a more secure password. There is nothing secure on my laptop, and sometimes other people use the laptop. For this reason I would like to pick something akin to “xyz” or “123”, but it won’t let me, because it isn’t “secure enough”. Why not leave that up to me to decide?

        Agreed; it should let you decide.  This is likely configured in the PAM security module, and you are able to change the rules for that, much as you would be able to change the group policy rules in a Pro version of Windows.

        If there’s nothing secure on it, though, that would be at risk if you used a trivial password, why would you be concerned about using a trivial or null password for the keyring?

        There’s nothing wrong with using Mint 18.2 if that’s what you wish… but I am sure there are answers for some or all of your concerns in later versions too.  Just be aware that some of the changes may be related to the desktop environment rather than the Mint version.

         

        Group "L" (KDE Neon User Edition 5.18.3).

        • #2171045 Reply
          MrJimPhelps
          AskWoody_MVP

          Excellent points about password security and the need (or lack of the need) for it.

          It appears that Keyring has been baked into the operating system starting with Mint 18.3.

          I never store passwords in my browser; I always manually type them in. Therefore, I can likely put a blank password for the Keyring. That does seem like the obvious thing to do. But I simply can’t bring myself to do something like that, even though it makes perfect sense.

          I wish the Mint folks would allow you to turn Keyring on or off. Maybe they do, and I simply haven’t found the way to do it.

          Group "L" (Linux Mint)
          with Windows 8.1 running in a VM
          • #2171100 Reply
            Ascaris
            AskWoody_MVP

            I wish the Mint folks would allow you to turn Keyring on or off. Maybe they do, and I simply haven’t found the way to do it.

            KDE’s version of the same, Wallet, will auto-open for you upon login if you don’t have it set to auto-login.  It should allow the user to configure it that way (to open Wallet when a person auto-logs-in; that’s already a security decision that has been made).  In my case, I have all of my sensitive data (such as all browser profile data, ~/Documents, ~/Pictures, etc.), on a LUKS encrypted volume with a very strong password that I enter during the boot process, so a wallet is redundant, as is prompting for my Linux account password five seconds later.  I know I have the encrypted volume; KDE does not.  So why are they making the decisions, assuming things they do not know to be true?

            Perhaps Mint has such an option too, one that will auto open the keyring, so even if it is there, it won’t bug you.  If you have it auto-logging-on, that could be it.  If autologin is not enabled, configuring it to auto-open may be easier than figuring out how to turn it off.

            There is also a way to make Chromium-based browsers stop using the keyring for password data.  If you start the browser with the --password-store=basic parameter, either in the .desktop file or the flags .conf file (wherever Opera puts it), that should get it to store its password data unprotected in the user profile (and since the password store is empty anyway, no biggie there).  That should (hopefully) stop the password prompt.

             

            Group "L" (KDE Neon User Edition 5.18.3).

            • This reply was modified 1 month ago by Ascaris.
    Viewing 2 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Going from Mint 18.3 to Mint 18.2

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.