Date: Tue, 29 Dec 2009 18:25:04 +0600 From: Victor Sudakov <vas@mpeks.tomsk.su> To: freebsd-questions@freebsd.org Subject: Re: fetchmail and plain text password Message-ID: <20091229122504.GA70217@admin.sibptus.tomsk.ru> In-Reply-To: <20091228151553.GA7478@mech-cluster241.men.bris.ac.uk> References: <20091228151553.GA7478@mech-cluster241.men.bris.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Anton Shterenlikht wrote: > I use fetchmail > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-fetchmail.html > to download all my mail from the Uni mail > server to my fbsd box. > > I typically run it in daemon mode, which requires > having my mail server password in plain text in .fetchmailrc > > I'm a little worried about the security of having > my password in plain text on the system. If your Uni mail server supports Kerberos, the only line in your ~/.fetchmailrc could be something like poll mail.yourserver.edu auth gssapi And you have to periodically refresh the Kerberos ticket. Works for me (I download mail from a Communigate Pro mail server). Of course root can have access to your Kerberos credentials cache, but I think it would be of more limited use than a plain text password. Actually my complete ~/.fetchmailrc is ============================ defaults protocol pop3 mda "/usr/local/bin/procmail -d %T" nokeep fetchall set syslog poll mail.sibptus.tomsk.ru auth gssapi ============================ -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:sudakov@sibptus.tomsk.ru
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20091229122504.GA70217>