I have to authorise every time Firefox starts up #252
Comments
Does KeeFox work as expected once you authorise the connection until you next restart? After authorising, please check the "KeePassRPC (KeeFox) Options" panel in the KeePass Tools menu. On the "Authorised clients" tab you should see one entry for KeeFox with a random looking unique ID, a long expiry date and a "connected" ticked checkbox. Have you changed any of the default connection security settings? If you're still having problems, please provide more detail about your specific system configuration so we can investigate further. |
I can confirm this issue. |
On the "Settings..." button next to the "Clear history when Firefox closes" option, you can adjust the data that you throw away at the end of each session. I've never used this feature so can't be certain but I suspect that the problem will be that you have opted to delete all "saved passwords". If that's the case, there are two options:
I strongly recommend option 1, not only because it will keep KeeFox more secure but also because the privacy benefit of clearing this part of Firefox after every restart is highly questionable. |
Hey, That indeed worked. Thanks alot |
I have the same problem since the upgrade. The "clear saved passwords" check box in Firefox is not tagged. Security Level is set to "medium". Any other idea what could be wrong? |
#235 comes to mind but unless you're doing anything unusual with your Firefox profile or KeePass config file, it's probably not relevant. Does your "Authorised clients" tab (mentioned above) look OK? Otherwise, maybe try generating and attaching a KeeFox log: https://github.com/luckyrat/KeeFox/wiki/en-%7C-Options-%7C-Logging |
I have seen a similar issue though my situation is different. KeePass repeatedly presents the Authorise New Connection dialog with KeeFox identified as the requestor, even though at that moment in time KeeFox has access to the KeePass database and can successfully conduct logins. KeeFox never offers the dialog to enter the authentication code given by KeePass, not since the first successful authentication. FF Clear Passwords is not checked. The only non-standard thing I do is share a database between two users (the missus and I). It does not, to my knowledge, happen for the first Win 8 user to authenticate (I haven't spent enough time logged in as this user yet), only the user who authenticated second and for whom there are now repetive demands to authenticate. The above FF saved password and KeePassRPC options are from the second user. |
Have just glanced over #235 and there are certainly similarities. It never happaned before the 1.3 upgrade though. |
Yeah the underlying cause is probably similar to #235. Do you have separate Windows user accounts? If so, you should just need to set a different port for KeePassRPC to use for one of the users. You may have already done something similar in the past for the earlier version of KeeFox but the new connection system uses different ports so any such configuration can't be carried over to version 1.3. Take a look at https://github.com/luckyrat/KeeFox/wiki/en-|-Options-|-KPRPC-Port and let us know how you get on. |
Tx. I'm just a little confused, your linked wiki page says: Find your KeePass configuration file and set the port in that file - (while KeePass is closed) insert the following to the <Custom> element: <Item> There are two confusing aspects, the linked KeePass wiki page gives the location of 4 configuration files, I assume it's the local one? C:\Users\User Name\AppData\Roaming\KeePass\KeePass.config.xml Inside that xml file, and after changing the KeeFox settings from within FF there is already this entry: <Key>KeePassRPC.webSocket.port</Key> 12646 being the port I had chosen to differentiate it from 12546. Is the "KeePassRPC.webSocket.port" key different from the "KeePassRPC.connection.port" key? Tx, |
Yes, they are different. The "KeePassRPC.connection.port" key is only used for earlier versions of KeePassRPC and for older versions of KeeFox to be able to connect to the 1.3 version of KeePassRPC so that KeeFox can offer a simple upgrade and downgrade path between versions. The KeePass config file you listed is usually the correct one to modify, unless someone has modified your configuration from the default setup. On Windows though, you shouldn't need to worry about the config files if you're running under separate Windows accounts - just go to the KeePassRPC Options dialog instead and view or set the port there. If you have a non-default configuration it's possible that you will be unable to change the setting from that dialog box but if you've managed to set up things to be that complicated, I'd wager that you would already have a deep understanding of the various KeePass configuration files! |
I, too, have the same problem. Whether I set the "save passwords" checked or unchecked does not make a difference. Windows 8.1 (64bit), FF28, Kepass 2.25, Keefox 1.3.1 update: it does not help to switch all settings to low security both in the plugin settings as well as in keepass. The Authorization dialogue comes up every time. update2: Whether I clear history upon exiting or not, does not make a difference. update3: Only one windows account exists update4: Now also works on medium security settings with deselected password delete upon exit in FF. |
Same problem for me FF 28, Win8.1 x64, Keepass 2.25 and Keefox 1.31, but if I enable password persistance across browser sessions the issue seems resolved. |
@tx3eh8IUD1, have you ever adjusted your KeePass config files? It's late so I might just be missing something but the only reason I can think for the low-security mode to fail would be if something is resetting Firefox or KeePass configuration after every restart. If the issue is strictly repeatable by just restarting Firefox (while KeePass is still running) then it indicates that either your Firefox or KeePass configurations are unable to be saved to disk for some reason (maybe file permissions?). It might help for you to take a look at the detail about where the security information is stored in Firefox and KeePass in case you can investigate those locations more closely to get a clue about what is going wrong: https://github.com/luckyrat/KeeFox/wiki/en-%7C-Technical-%7C-KeePassRPC-detail#connection-security The about:config setting to look for is: extensions.keefox@chris.tomlinson.KPRPCUsername and you should find the KPRPC config keys towards the bottom of your KeePass config XML file. |
@luckyrat However, it took a reboot (?!?!) - though I have no idea why that would be necessary. Doesn't really make logic sense to me. EDIT: Now also works on medium security settings with deselected password delete upon exit in FF. |
Doesn't make sense to me either. Maybe the reboot fixed a problem that was unrelated to whether the security setting was low or not. Glad you've got it working but when you next get a spare moment it would be worth trying to pin down whether and why higher security options fail. |
If anyone following this issue is still having a problem, please read the updated troubleshooting tips related to this problem and let us know if any of the suggestions work for you: https://github.com/luckyrat/KeeFox/wiki/en-%7C-Troubleshooting#i-have-to-enter-a-password-every-time-i-load-keefox |
I had the same issue. But for me authorization was not saved not between Firefox restarts, but between system restarts. Steps to reproduce the problem for me were: open FF, authorization, close FF, close KeePass, open FF again, few seconds after the authorization request pops up. |
Dear @luckyrat I just wanted to drop you a note that it now works. I have all settings on medium, both in KeePass and in Firefox. I deselected "delete passwords on exit" in Firefox but have all other history etc. deletions active. I have made no changes to the default settings in user configuration or anywhere else. Thanks for the great tool! |
The problem persists with KeePass 2.26, FF28, KeeFox 1.3.1, Ubuntu 14.04 x64 "PreferUserConfiguration" is se to "true", but no luck... |
@texpert : Have you followed all of the steps in the troubleshooting guide? (I added a new one regarding PassIFox just yesterday) https://github.com/luckyrat/KeeFox/wiki/en-|-Troubleshooting#i-have-to-enter-a-password-every-time-i-load-keefox |
Yes, @luckyrat , I have disable all the plugins, restarted FF once - entered the password, it connected with KeePass. Quited FF and repeated the procedure - only to get this again - https://db.tt/UJPA7iYD Also, I managed to give all the write permission to the files and directories of KeeFox and KeePass - didn't help, though. |
@texpert Please try the new beta of KeeFox (1.4.0b1: https://addons.mozilla.org/en-US/firefox/addon/keefox/versions/) which contains some extra logging for some types of problems. Then try enabling KeePassRPC logging* and review the log file that gets created. If you want me to cast an eye over it feel free to post it here. * E.g. "mono KeePass.exe --KPRPCDebug=/tmp/kprpc-debug.log" |
Thank you, @luckyrat - the log is attached - had to change its extension :) "Stored key not found - Caused by changed Firefox profile or KeePass instance; changed OS user credentials; or KeePass config file may be corrupt" Where is supposed to be stored? There is a file keefox.sqlite, but it is 0 size. |
The log you've attached is from KeeFox and is interesting but I wonder if the KeePassRPC log would also reveal something interesting (e.g. something like "Could not store KeePassRPC's secret key so you will have to re-authenticate clients such as KeeFox."...) The KeePassRPC log file would be placed in whatever location you list in the --KPRPCDebug command line parameter demonstrated above. I notice that your KeePass program is running inside a ".wine" directory which I presume means that you either run KeePass through WINE, or have done in the past. This is the first time I've seen anyone trying to use WINE to execute KeePass so I am naturally very suspicious of this setup. I've not really got any significant experience of using WINE so I can't be sure how it would interact with the combination of Mono and local communication with Firefox. It sounds like it is more or less working for you (or it is not using WINE at all but just sharing a folder?) It's possible that the problem relates to either running KeePass within WINE or within the WINE folder structure so if you can try some alternative configurations that could give us some useful information to further diagnose the problem. The key being referred to by that error message (which incidentally is sent from KeePassRPC but reported into the KeeFox log file) is stored within the KeePass XML config file (there are several possible locations for this - you'll have to look up the details on the KeePass.info website). The key is encrypted using a standard encryption system provided by Windows and Mono and any problems performing this encryption would be reported by the 1.4.0 beta as described above. |
Here you can see attached the KeePassRPC log and KeePass.config.xml - I can't see any key in it. KeePass just have been running its installation using Wine, as I understand. So, it is barely residing in Wine folder tree, but not using Wine (old KeePass was installed at /usr/lib/KeePass 2, but also required authorization every time when starting FireFox). |
That's the problem. Looks to be the same as described in #263. You should be able to fix it by removing the keypairs directory. |
Yes!!! Thank you very much, @luckyrat!!! (Mono recently had big updates - maybe something changed or got broken - the file was dated 2013, June) |
There's nothing specific here to fix so I'm closing the issue. Feel free to continue discussion here if you have further advice regarding the solutions proposed above but for generic "KeeFox keeps asking me for a password" problems, please post on the forum, after following the troubleshooting guide of course. https://github.com/luckyrat/KeeFox/wiki/en-|-Troubleshooting#i-have-to-enter-a-password-every-time-i-load-keefox |
Late to the party...Ubuntu 14.04, FF30. KeeFox 1.4.2 Restarting FF starts a loop with KeePass that is hard to break without closing both down and starting from scratch. |
Sounds about right. There are probably some problems with your file system (probably just some bad permissions on your KeePass config files). A KeePassRPC log might help narrow down the problem but it might just confirm this guess so I'd suggest exploring that possibility first. |
so in Ubuntu, keepass is installed to /usr/lib/keepass2 which is only readable by root. Since the plugin goes in that folder ... same thing. Is that it? How can move or install keepass to my home folder? ( I suppose I could also change permissions on /usr/lib/keepass ) |
It's not the plugin that needs write access, it's your KeePass config file. It can be a bit complicated to explain all the different locations that you can put a config file and I've never looked into the options on a Linux machine but I expect that the KeePass docs will help you work out a way that you can enable write access to the config file but keep stricter permissions elsewhere: http://keepass.info/help/base/configuration.html |
|
Although an old thread, this is the first hit when I google "keefox authenticate every time" so it seems like a sensible place to add in how I solved the issue. My issue was that I was having to put in the authentication password every time I started Firefox. The answer, after trying many complicated things, was very simple. I just had to put Keepass somewhere other than my C:/Program Files folder. It's on another drive now and I have only had to authenticate once. I also had to go into the Keefox options, go to the Keepass tab, point at my Keepass directory and tick the 'remember settings' box. Otherwise it installs Keepass to the Program Files directory automatically. Thanks for Keefox. It's a brilliant extension and I would struggle to get by without it nowadays. |
The solution for linux folks sure seems to be removing the folder \home.config.mono\keypairs See issue: https://discussions.zoho.com/keefox#Topic/71684000000570013 Thanks! |
Thanks for this solution, same behaviour happened to me in Ubuntu 15.04 and FF37! :) |
Removing
For following config:
|
Sorry to revive this, but I recently started experiencing this issue. I'm running on Windows, so the keypairs fix does not apply. I have the following config:
In KeePass, the KeeFox options authorize the client for one year minus one day, yet, if I close and open FF, I will be asked to reenter the authorization code. |
Have you tried my solution above (install KeePass somewhere off your C drive)? |
@justposted I would like to avoid that as much as possible. |
Fair enough. Might be worth trying it by just copying your KeePass folder somewhere (maybe a USB drive) and pointing KeeFox at it. Then at least you'll know if the problem is with permissions on your C drive. |
I tried to put it somewhere else on my C: drive, and I got the same result. |
Anyone? @luckyrat ? |
Have you tried everything in https://github.com/luckyrat/KeeFox/wiki/en-%7C-Troubleshooting#keepassrpc-authorisation ? |
fuuuuuuuu.... It was the "saved passwords" from the clear history that was checked. |
You write one has to authorise once every year at the standard settings, but every time Firefox starts up, I get the 'authorise a new connection' window
The text was updated successfully, but these errors were encountered: