UPDATE 2010/11/30: I have just tried Mozilla Firefox 4.0 Beta 7 and my hacked extension no longer works, there have been too many significant changes between 3.7a4 and 4.0b7, notably to the Firefox UI components. I have edited the install.rdf file in the ThinkFox extension archive to only include Firefox versions up to 3.6.*; I have also installed the extension on Mozilla Thunderbird 3.1.*, so that software has been added to the install.rdf as well. END
I've used the Firefox extension "MR Tech Toolkit" https://addons.mozilla.org/en-US/firefox/addon/421 to enable the Firefox ThinkVantage password manager extension included with Client Security Suite 8.3 on Windows 7, and I've tested that solution on Firefox 3.0.x and Developer Preview 3.7a4.
It works quite well: if you keep the default password collection policy of the Lenovo Password Manager, which is to collect and recognize them by domain, and if you have several passwords used on one domain (e.g. www.google.com), then a list of collected password entries will be presented to you when accessing any recognized login form on that domain. For instance, I use both Gmail and Google Apps, each of which use different login form pages on the www.google.com domain--I just pick the right password entry which I've named after the email ID they are used for.
But I don't use the actual CSS password manager, I prefer to keep all my web passwords in the Firefox password manager, protected by a master password. And using the Thinkfox extension instructions referenced at http://forum.thinkpads.com/viewtopic.php?p=264664#p264664 and some quick hackery, I've created an updated Thinkfox which may be downloaded at http://cid-a3aff73245891d6e.skydrive.live.com/browse.aspx/Public/Thinkfox
Thinkfox is a Firefox extension to allow the use of the Firefox password manager's master password with the Lenovo ThinkVantage Password Manager and Firefox. This is a quick hack of Zender's extension and instructions at http://forum.thinkpads.com/viewtopic.php?p=264664#p264664 which everyone should read before installing this. I have merely updated the Firefox extension maxversion to 4.0+, given the extension a new GUID, and updated the descriptive details. The "components" directory of the extension has been extracted from "C:\Program Files\Lenovo\Client Security Solution\tvtpwm_moz_xpi.xpi" in a Windows 7 x86 installation of Lenovo Client Security Suite 8.3 (no Firefox 3.6 upgrade). People on Vista or Windows XP may want to create their own version, I don't have the Windows machines to do that; you can simply unzip and re-zip my version of Thinkfox, replacing the "components" folder with the version on your machine. IMPORTANT: make sure you disable the original Lenovo firefox extension by selecting its entry in the Firefox extension list and clicking the disable button in its listing, before installing the hacked extension.
It has been tested on Windows 7 x86, Firefox 3.0.x and Firefox Developer Preview 3.7a4 (one of the alpha versions of the Firefox 4.0) and works well: whenever the Firefox master password dialog appears the first time in a browser session, the ThinkVantage password/fingerprint collection UI appears, and successful credentials cause an automatic submission of the Firefox master password.
Zender's instructions concerning setting this up are: "Next time you enter master password, you should be asked by the Client Security Solution to save it. I recommend opening Advanced and selecting Secure, so that you're not asked just once per boot." (Actually, it's changed to clicking on "Advanced", then selecting a "Custom" security setting, and then changing "Once per boot" to "Everytime". Or something like that.)
Unfortunately, the Lenovo Password Manager does not notice when you change your Firefox master password, so that it goes into an endless loop of submitting the wrong password over and over again (kill it fron the Windows Task manager). The simple expedient is to update the Firefox password clear text recorded in the Lenovo Password manager every time the Firefox master password is changed.
I didn't ask the permission of anyone to do this, but I do hope this modified extension helps people. I will not be responsible for any potential mayhem! (I did check the javascript files for anything suspicious, like a backdoor to send passwords to undisclosed three-letter agencies of the US and other governments, but came up with nothing.)
.
