[Dovecot] authenticate authenticated users
Hi
I'm using dovecot on a LAN server. I sometimes read mail from the server itself locally with mutt and sometimes remotely with mutt or mozilla.
I would like to avoid typing my password whenever necessary but without writing a plain-text equivalent copy of it locally.
It feels quite silly to have to type the password locally because the imapd does not know that the process is indeed a process of the user tzafrir. It has all the information it needs to check that.
uw-imapd has something called "pre-authentication": the imapd is run by the user unprivileged to access mail in the user's home directory. As a bonus this works quite nicely with ssh public key authentication. I know that at least mutt and pine support running a custom command for creating an imap connection. But then again, uw-imapd is built quite, well, differently.
Any ideas?
-- Tzafrir
Tzafrir Cohen wrote:
> Hi
> I'm using dovecot on a LAN server. I sometimes read mail from the server itself locally with mutt and sometimes remotely with mutt or mozilla.
> I would like to avoid typing my password whenever necessary but without writing a plain-text equivalent copy of it locally.
> It feels quite silly to have to type the password locally because the imapd does not know that the process is indeed a process of the user tzafrir. It has all the information it needs to check that.
> uw-imapd has something called "pre-authentication": the imapd is run by the user unprivileged to access mail in the user's home directory. As a bonus this works quite nicely with ssh public key authentication. I know that at least mutt and pine support running a custom command for creating an imap connection. But then again, uw-imapd is built quite, well, differently.
> Any ideas?
You might look at this:
http://www.benjamin.weiss.name/mail-server.sh
It's unfinished, but I don't have to type a password when using mutt locally. Note, however, that I don't allow imap from anywhere but localhost. Externally, I use imaps. It all works well with Thunderbird, also.
I'm away next week for my RHCE course and test, I'll finish the script and write up a page on configuring Thunderbird when I get back.
HTH,
Ben
On 2005-01-04 21:52:11 +0200, Tzafrir Cohen wrote:
> I would like to avoid typing my password whenever necessary but without writing a plain-text equivalent copy of it locally.
read about running imap binary from mutt as tunnel. and see how you can combine that with ssh and ssh-key based auth.
some tutorials and tools about key auth can be found here.
http://www.gentoo.org/proj/en/keychain/index.xml
http://www-106.ibm.com/developerworks/library/l-keyc.html
about the mutt+imap stuff see the mutt documentation
just my 2 cents.
darix
-- irssi - the client of the smart and beautiful people
http://www.irssi.de/
On Tue, Jan 04, 2005 at 11:39:09PM +0100, Marcus Rueckert wrote:
> On 2005-01-04 21:52:11 +0200, Tzafrir Cohen wrote:
> > I would like to avoid typing my password whenever necessary but without writing a plain-text equivalent copy of it locally.
> read about running imap binary from mutt as tunnel. and see how you can combine that with ssh and ssh-key based auth.
I know that, and used it with uw-imapd.
But you hint I should try the command:
/usr/lib/dovecot/imap
Hint taken. Preauth works. Thanks
participants (3): Benjamin J. Weiss, Marcus Rueckert, Tzafrir Cohen
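An added example, not part of the thread: a small check that a tunnel command such as `/usr/lib/dovecot/imap` really greets with `* PREAUTH` (RFC 3501) instead of `* OK`, which would still require a login. The sample greetings and the function names are constructed for illustration.

```python
import shlex
import subprocess

# RFC 3501 section 7.1: the first untagged response tells the client whether
# it still has to authenticate.
GREETINGS = {"OK": "needs-login", "PREAUTH": "preauthenticated", "BYE": "rejected"}

# Constructed sample greetings, not captured from a real server.
SAMPLES = [
    b"* PREAUTH [CAPABILITY IMAP4rev1 IDLE] Logged in as tzafrir\r\n",
    b"* OK [CAPABILITY IMAP4rev1 STARTTLS] ready\r\n",
    b"* BYE service unavailable\r\n",
    b"Permission denied (publickey).\r\n",
]


def classify_greeting(line: bytes) -> tuple[str, list[str]]:
    """Return (state, capabilities) for the first line an IMAP server sends."""
    parts = line.decode("ascii", "replace").strip().split(" ", 2)
    if len(parts) < 2 or parts[0] != "*" or parts[1].upper() not in GREETINGS:
        return "invalid", []  # e.g. an ssh error instead of IMAP
    caps: list[str] = []
    rest = parts[2] if len(parts) == 3 else ""
    # Optional response code such as "[CAPABILITY IMAP4rev1 IDLE]".
    if rest.startswith("[") and "]" in rest:
        code = rest[1:rest.index("]")].split()
        if code and code[0].upper() == "CAPABILITY":
            caps = code[1:]
    return GREETINGS[parts[1].upper()], caps


def probe_tunnel(command: str, timeout: float = 10.0) -> tuple[str, list[str]]:
    """Run a command the way a mail client's tunnel would and classify its greeting."""
    proc = subprocess.Popen(shlex.split(command), stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE)
    try:
        # Send LOGOUT so the server closes the session after greeting us.
        out, _ = proc.communicate(b"a1 LOGOUT\r\n", timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()
        out, _ = proc.communicate()
    return classify_greeting(out.splitlines()[0] if out else b"")


if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_greeting(sample))
    # On a host with dovecot installed: probe_tunnel("/usr/lib/dovecot/imap")
```

Anything other than `preauthenticated` from `probe_tunnel` means the client would fall back to asking for a password or fail outright.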