Bug 209764 - dolphin can neither remember well nor forget the network places' passwords
Status: RESOLVED FIXED
Alias: None
Product: kio
Classification: Unmaintained
Component: general (other bugs)
Version First Reported In: SVN
Platform: openSUSE Linux
Importance: NOR normal
Target Milestone: ---
Assignee: David Faure
Reported: 2009-10-07 15:02 UTC by Tamás Németh
Modified: 2011-05-28 02:02 UTC
Version Fixed/Implemented In: 4.7.0
Description Tamás Németh 2009-10-07 15:02:48 UTC
Version:            (using KDE 4.3.1)
OS:                Linux
Installed from:    SuSE RPMs

I connected to an SFTP account by dolphin, and instructed it to remember my name and password. Doing so, dolphin is able to log in without asking for my credentials but, when I log out from KDE, and then log in, and try to connect to the same account, dolphin shows the password dialog again. Why? I assume it should only ask again if my credentials prove to be wrong (i.e. dolphin gets denied to log in using the saved data). Moreover, despite showing the password dialog, my user name and password are filled in correctly. It seems to be a weird behaviour to me. And to be even more weird, the remember credentials checkbox is unchecked on the dialog, and in spite of the fact that I continue logging in without checking it, dolphin won't be willing to forget the saved credentials. Why? I didn't instruct it to remember any further.

Can you improve it in order not to ask for already known credentials, but don't remember credentials if users don't want it to do so?

In addition to this, I realized that dolphin won't save SMB passwords (despite that it is willing to save SFTP passwords). Is it possible to make it remember any kind of passwords?
Comment 1 Tamás Németh 2009-10-07 15:09:23 UTC
It's even worse than I thought before. Now I deleted my credentials from kdewallet by hand, but dolphin is still able to log in to my SFTP account without asking anything, despite the fact that I restarted it entirely, and I also observed that every kio_sftp process has died. Do I have to log out from KDE entirely? This may be a relatively serious security hole.
Comment 2 Tamás Németh 2009-10-07 15:23:08 UTC
And there is one more tweak in this case:

Now I wanted to connect to a previously unseen SFTP account (with no saved credentials), and I initially instructed it NOT to remember my credentials. Despite this, now I'm still able to log in without providing any information even after restarting dolphin.
Comment 3 Tamás Németh 2009-10-07 15:37:42 UTC
And one more big problem:

I tried to connect to one more previously unseen SFTP account and instructed dolphin to remember the password, but I typed a wrong password intentionally. Because of access denial, dolphin asked for the correct password, but this time I didn't instruct it to save the password. However I had to realize that dolphin HAS SAVED the originally typed incorrect password to kdewallet! I think it shouldn't save credentials until it validates them (thus, until successfully logging in using them).

Moreover, despite the fact that the wrong passwords were saved, I was able to log in without typing password and login name right until logging out from KDE!!! Dolphin cached the good password and omitted the saved one! After the next KDE login dolphin asked the password again (because it was unable to log in with the saved wrong password, of course), and this time it correctly overwrote the wrong data with the good one.

I think this whole credential saving and restoring mechanism of dolphin should be entirely revisited. Thank you in advance.
Comment 4 Dawit Alemayehu 2011-05-14 19:01:57 UTC
The ability to save passwords is available to each individual KIO slave like http, ftp, sftp. Hence the issue of smb not saving password needs to be opened against the smb ioslave (kio/smb).

The problems with sftp not doing the right thing are in the process of being resolved for the KDE 4.7 release. See https://git.reviewboard.kde.org/r/101332/
Comment 5 Dawit Alemayehu 2011-05-28 02:02:31 UTC
All the issues mentioned here regarding the password caching with sftp have been fixed for the upcoming KDE 4.7 as can be seen from the link I provided in comment #4.

For the kio_smb issue, you need to open a ticket against that specific ioslave, i.e. product = kio and component = smb.