Menu
▾
▴
Re: [Fetchmail-users] Fetchmail without passwords in plaintext file?
|
From: Matthias A. <mat...@gm...> - 2018-12-11 17:49:04
|
Am 11.12.18 um 13:31 schrieb Bjoern Voigt: > Matthias Andree wrote: >> There is no encryption option. You could use a .netrc file to save >> passwords instead, but that would not be encrypted either. >> >> If you are running fetchmail from a shell (not from cron), you can omit >> the passwords from .fetchmailrc and .netrc files, and fetchmail will ask >> you for all of them. This should also work with daemon mode, so you >> enter them once and fetchmail polls every N seconds (whatever --daemon >> delay you give it). > I think storing passwords unencrypted in files is an absolute no-go > today. Business users and administrators may come into conflict with > their company security policies. Especially users with unencrypted disks > on laptops are are at high risk. > > The only work-around which I can recommend is a variation of Matthias' > tip: Use a password manager and copy-paste passwords into fetchmail at > start-up. > > But Matthias, why you refused to accept the following poll request? > https://gitlab.com/fetchmail/fetchmail/merge_requests/1 > > PWMD is probably not perfect (I haven't tried it), but it would be the > first official solution for the unencrypted password storing problem, if > Fetchmail would contain the libpwmd patches. > [The messages appears to not have made it to the list yet, but since Björn has written a Cc: to the list, I'll provide a full quote.] Hi Björn, Regarding plaintext password storage, you don't have to, but fetchmail had originally been written for end-user consumption and not high-grade datacenter use. If I need to manually (through Git downloads) integrate a merge request (such as !1 or !11 or others), possibly rebasing it to linearize history, I cannot properly have Gitlab reflect that, you'll need to read the comments to see that I did in fact merge them - but not into the legacy_64 branch, (6.4 BETA) but instead into the master branch, where I take the 7.0 ALPHA snapshots from. So, that point rejected, but no offense taken. Feel free to check if there are relevant Gitlab bug/feature request tickets and otherwise write one to permit me to mark things as merged. I believe Gitorous, or some other Git hosting site, permitted that. HTH Matthias |
