Default setting for remembering password should be remember until logout

Bug #392589 reported by William Hood
This bug affects 5 people
Affects Status Importance Assigned to Milestone
Fix Released
One Hundred Papercuts
Fix Released
nautilus (Ubuntu)
Fix Released
Ubuntu Desktop Bugs

Bug Description

When accessing a windows file share (or other network resource) that requires a password, the radiobutton defaults to "Forget password immediately". While this is understandable for security reasons, it is a usability "paper cut" because one will typically be confronted with the same password prompt again in very short order (without even closing the nautilus window). Just yesterday this got a smirk out of a Windows user looking over my shoulder that I had to enter the password "again." This has also been an annoyance for me for quite a few years.

The default should be "Remember password until you logout" which will be more what end users are used to without too great a compromise on security.

To repro:
1. Using nautilus, access a windows file share that requires a domain\username\password. For me this typically happens when I access the root share of a computer (smb://servername) .
2. Enter authentication information, keeping the radio button on "Forget password immediately".
3. Access one of the shares listed. Usually when I start with the root share of the computer, keep the "Forget password immediately" setting, then access one of the listed shares I am prompted for a password a second time.

Repeat the above procedure, but this time select "Remember password until you logout". When you access the share below the root it will not prompt a second time (and my windows-using coworker would not have smirked).

Tags: nautilus

Related branches

Revision history for this message
Sebastien Bacher (seb128) wrote :

Thank you for your bug report. The issue is an upstream one and it would be nice if somebody having it could send the bug the to the people writting the software (

Changed in nautilus (Ubuntu):
assignee: nobody → Ubuntu Desktop Bugs (desktop-bugs)
importance: Undecided → Wishlist
Revision history for this message
William Hood (william-a-hood) wrote :

Per Sebastien's request I have filed this upstream with Gnome. In Gnome's bugzilla this is 587909. (

Changed in nautilus (Ubuntu):
status: New → Triaged
Changed in nautilus:
status: Unknown → New
Vish (vish)
Changed in hundredpapercuts:
importance: Undecided → Low
milestone: none → lucid-round-10
status: New → Triaged
summary: - Papercut: Default setting for remembering password should be remember
- until logout
+ Default setting for remembering password should be remember until logout
Revision history for this message
Sebastien Bacher (seb128) wrote :

The issue is not really an hundredpapercut one, shares are mounted for the session until the user unmount those. The reason why smb ask for the password again is that some shares need different credentials for write access for example and giving the default login informations would break that usecase

Revision history for this message
Vish (vish) wrote :

Invalid as per Sebastien's comment.

Changed in hundredpapercuts:
milestone: lucid-round-10 → none
status: Triaged → Invalid
Revision history for this message
David Siegel (djsiegel-deactivatedaccount) wrote : Re: [Bug 392589] Re: Default setting for remembering password should be remember until logout

Yes, but which case is the 80% use case -- user wants the password to be
remembered for the duration of the session and will not be asked for
different credentials for the same SMB share, or a user will be asked
different credentials? If the latter is a corner case, which affecting SMB
shares only suggests it is, we should still consider changing the /default/
behavior so that most users benefit from a better default, while the
possibly relatively smaller population of SMB users exhibiting the use case
Seb describes should be the ones to use a non-default setting.

Changed in hundredpapercuts:
status: Invalid → Incomplete
Revision history for this message
Sebastien Bacher (seb128) wrote :

the default should be changed for smb only then? do you agree it's a non issue with other protocoles since the shares are usually listed as mounted for the session?

Revision history for this message
David Siegel (djsiegel-deactivatedaccount) wrote :

If more than 80% of users would benefit from the "remember until session
ends" options, and the remainder of users would still be able to accomplish
tasks involving different credentials for the same share, and it doesn't
pose a significant security risk, then I would favor changing the default. I
think the issue is more complex than I understand so I am going to defer to
those who understand SMB use cases better.

Revision history for this message
Oded Arbel (oded-geek) wrote :

as far as I understand, and I'm not using a split access SMB server, if you have a mounted SMB share with read-only permissions, and you attempt to write to it then youd get an error, and gvfs will either try auth away (regardless of the password save state) or not.

Revision history for this message
Fabio Muzzi (kurgan-kurgan) wrote :

I second the idea that the default should be "remember until logout".

Also, I would like to be able to disable completely the "save forever" option, to avoid (non expert) user mistakes.

Vish (vish)
tags: added: nautilus
Vish (vish)
Changed in hundredpapercuts:
status: Incomplete → Confirmed
Revision history for this message
Vish (vish) wrote :

This has now been fixed upstream

Changed in nautilus (Ubuntu):
status: Triaged → Fix Committed
Changed in hundredpapercuts:
status: Confirmed → Fix Committed
Changed in nautilus:
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nautilus - 1:2.30.1-1ubuntu2

nautilus (1:2.30.1-1ubuntu2) maverick; urgency=low

  * Backport upstream changes
  * debian/patches/git_correct_delay_logic.patch:
    - git change to fix a logic error in the directory loading code which
      create a delay to have some shortcut actions to work after loading
      directory (lp: #390662)
  * debian/patches/git_correct_display_name.patch:
    - correctly display the applications names
  * debian/patches/git_correctly_set_default.patch:
    - correctly set the new default software when this one is changed
      (lp: #550004)
  * debian/patches/git_default_thumbnails.patch:
    - set default thumbnails to 64 for better layouting (lp: #497728)
  * debian/patches/git_browser_title_cleaning.patch:
    - clean the title of the file browser dialogs (lp: #439227)
  * debian/patches/git_clean_by_name_rename.patch:
    - 'Change "Clean Up by Name" to "Organize Desktop by Name"' (lp: #388949)
  * debian/patches/git_double_click_launcher.patch
    - 'Ignore > 2 clicks in the icon container' (lp: #389663)
  * debian/patches/git_ctrlq_close.patch:
    - 'Change 'Close all Windows' shortcut to Ctrl+Q.' (lp: #563226)
  * debian/patches/git_store_session_passwords.patch:
    - store the mounts passwords for the session (lp: #392589)
  * debian/patches/git_no_double_browse_entry.patch:
    - don't list a "browser" menu items in browser mode it's the default
      (lp: #388091)
 -- Sebastien Bacher <email address hidden> Wed, 07 Jul 2010 11:11:29 +0200

Changed in nautilus (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Vish (vish) wrote :

Fixed in Maverick

Changed in hundredpapercuts:
status: Fix Committed → Fix Released
Changed in nautilus:
importance: Unknown → Low
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.