fetchmail and plain text password
Victor Sudakov
vas at mpeks.tomsk.su
Tue Dec 29 12:25:18 UTC 2009
Anton Shterenlikht wrote:
> I use fetchmail
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-fetchmail.html
> to download all my mail from the Uni mail
> server to my fbsd box.
>
> I typically run it in daemon mode, which requires
> having my mail server password in plain text in .fetchmailrc
>
> I'm a little worried about the security of having
> my password in plain text on the system.
If your Uni mail server supports Kerberos, the only line in your
~/.fetchmailrc could be something like
poll mail.yourserver.edu auth gssapi
And you have to periodically refresh the Kerberos ticket. Works for me
(I download mail from a Communigate Pro mail server).
Of course root can have access to your Kerberos credentials cache, but
I think it would be of more limited use than a plain text password.
Actually my complete ~/.fetchmailrc is
============================
defaults
protocol pop3 mda "/usr/local/bin/procmail -d %T" nokeep fetchall
set syslog
poll mail.sibptus.tomsk.ru auth gssapi
============================
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
More information about the freebsd-questions
mailing list