Each and every time I start the desktop client on my Linux machine, it is asking to be granted access to the NC server, and I need to login to my server and confirm the “new” device — again and again and again and…
And each time a “new” device is registered in NC and a new app password is generated. It doesn’t matter if I start the client for a second time during the same desktop session, or if I reboot my pc before starting the client one more time.
My NC server:
Small SoC (64 bit)
Debian Trixie
Nginx
NC 32 (“latest”)
NC desktop client’s version: 3.16.0.
It seems like the desktop client does not remember the password, but I can’t find any option for this in the settings.
My desktop and the server are on different subnets. Could it be a possible firewall issue?
What else could be wrong there?
Thanks in advance for any help!
If you need more information about my setup, please let me know!
You should provide more details about your desktop setup:
which Linux distribution and version you use,
which desktop environment and whether a keyring/credential store is running (e.g. Gnome Keyring, KWallet),
how you installed the client (repo, Flatpak, AppImage),
You’re running Nextcloud Desktop Client 3.16.0, which is already outdated.
For example, I’m on CachyOS and using the package from the repo — the version there is 3.17.2, which is also the latest AppImage available on the Nextcloud website.
I’d suggest updating first before digging deeper into the issue.
No. My Linux Dektops and the NC-Server are also in different subnets. Beside the questions @vawaver was asking you it may be also important what knid of Desktop-Client installation you use, e.g. Appimage, Snap, deb, We don’t even know wich Linux Distro you are using, e.g. *buntu, Fedora …
Thanks for your replies! I will try to give you as much information as needed:
Nextcloud is running on “Armbian 25 trixie”
On my PC I’m using KDE Neon 24.04
Nextcloud client has been installed out of the distribution’s repositry, that’s also the reason why it is “outdated”, as you call it, but there’s no update available at this time.
There is no keyring/credential store running on my PC.
About the last point: if a password wallet was necessary to run the client, I would have expected “apt install…” to announce the appropriate dependencies. When I installed my desktop way back then, I spared that part for very specific reasons, and if possible, I would like not having to install it just to use NC client.
Okay i don’t use KDE but xfce (Xubuntu 24.24 and Debian 12). Both uses the Gnome Keyring to store Nextcloud Client Credentials. KDE don’t use Gnome Keyring but KDE Wallet, at least if you would use Kubuntu 24.04. KDE Neon 24.04 is based on *buntu 24.04 LTS. KDE Wallet is also kalled KWalletManager
So, this means there is an unfulfilled dependency in the repos, and NC client does require KWallet to be of any use, right?
I am just experimenting with the command line client. That one is capable of using a netrc file. Does the GUI client offer this option as well? That would be much more preferred that KWallet.
So the maintainer of your used desktop client is NOT Team Nextcloud but the KDE Neon 24.04 distribution’s. So your suggestion is wrong here but need to be published in a KDE Neon Support Forum or similar.
I agree partly. What I don’t know is who made the desktop client dependent on an external password keeping app? Was it the original developer or was it the maintainers of the distribution package?
Don’t get me wrong here: I’m not blaming anyone, I am just expressing my thoughts about depending on yet another app, that isn’t even announced when installing the client.
I get your point, but my question is: who made NC client depending on KWallet or similar? Who coded the routines that save the password into an external third party app?
I ask in return: why reinvent the wheel when someone else has already invented it?
In other words: why create a secure alternative storage location for the credentials required for Nextcloud login when almost all Linux distributions already include such a storage location (applications like Gnome Keyring or KWallet)?
And by the way, a single central application also simplifies data backup and restore for your credentials, because you only have to back up these single credential application and not many different applications and files that store credentials.
But, on the other hand, having all passwords in one external password manager also inherent the risk of loosing all passwords it this file is corrupted, e.g. by a faulty disk.
Secondly, if you search the web for questions about the exact problem like mine (NC client wants to be granted access every time it is started) you will see that there are many, many users who are facing problems because of the external pw manager, no matter what desktop GUI they use. Some can’t be initialised/opened by the login manager, some can’t find a pw manager suitable for their desktop, some can’t make pam modules working, some didn’t install a pw manager at all (like me) and run into this problem.
Those are reasons why I believe it would make life much easier for many users if NC client would just store its password in its own configuration file rather than depend on a third party app.
Which is absolutely no issue, because obviously you shouldn’t use KWallet as your only place to store passwords. In fact, I wouldn’t even recommend actively using it as a password manager like KeePass or similar tools, but rather just keep it around as a service to provide applications like the Nextcloud desktop clinet a secure place to store and remeber your credentials. Otherwise, each application would have to implement its own password storage mechanism, and the level of security would depend entirely on how well the individual developers implemented it.
Yeah, and that would be the most insecure, and therefore the worst way to store credentials: in plain text inside a configuration file.
How many lines of code are necessary for this? Two? Or is three? Maybe four?
And now the level of security depends on the developer who implemented the external password storage, of which there are how many…???
I never said anything about storing the password in plain text, I don’t know why you presume this.
But enough of this senseless discussion. I can see you’re neither interested in hearing a user’s arguments nor do you want to think about what users really want and what could make their life easier.
If you think it’s that easy why not provide a pull request? Or at least open a proper feature request on GitHub.
Then maybe elobarate on this, but pereferibly in a feature request on GitHub, because here we can only work with what we already got.
And just to be clear: I’m not saying such a feature should never be implemented. I just think it’s generally preferable, to rely on OS-level mechanisms for this, but that’s just my opinion.
Just as a side note, I’d understand why this is important to you if you were using a minimal distribution with, say, an exotic window manager. In that case, I probably wouldn’t want to install KWallet either. But you’re using KDE Neon, a fully-fledged KDE desktop distribution. This most likely means that you went out of your way to uninstall KWallet; otherwise, it would have worked out of the box.
And just one more thing, because I can’t leave this uncommented …and also to elaborate on my above statement as to why I prefer to use OS mechanisms.
Yes, I trust the developers of KWallet, PAM, and all related Linux components more than I trust web or app developers when it comes to security, because that’s their area of expertise. If you have legitimate concerns that KWallet itself, or its implementation in KDE Plasma, is flawed, it’s better to point them out specifically, and report them to respective projects, rather than demonizing everything modern desktop operating systems provide based on a gut feeling.
And once again: if your concerns are more than just a gut feeling, back them up with concrete examples. Otherwise, the discussion is indeed pointless.
I need to put this right, because you misunderstood me: I am not distrusting any of the developers you mention. It’s not a matter of trust, it’s just a matter of human error and probability: if one saves all their passwords into one pw manager, and that app turns out to be buggy or becomes destroyed by a hard drive malfunction, it’s much more likely to loose all passwords at once.
Yes, I know: of course people are advised to back up their data on regular terms. But let’s be honest: how many people do you know in your family and among your friends who really follow that advice? I stopped counting how often I told people to do at least one back up every month, and how often I had to tell them “No back up, no pitty!” when they lost their phone or their hard drive failed.
One last suggestion to “Team Nextcloud”: I agree that they are not responsible for missing dependencies when installing the desktop client. But maybe they could just let the app issue a warning when it’s started and no password manager is in use, so the users know why it asks to be registered at each start.
That would save a lot of frustration and anger among the users.
