[Dovecot] Passwordless auth?

Dan Mahoney, System Admin danm at prime.gushi.org
Fri May 24 02:10:01 EEST 2013


Hey all,

I'm in the process of writing some scripts which I want to be able to take 
actions on my local mailbox.  (For example, to move a subset of messages 
to the trash over time, if unread for a week.  To act on messages in my 
learn-spam folder and then delete them).

What occurred to me as being a Neat Idea is if Dovecot could honor ident 
(rfc1413) lookups, from trusted hosts (i.e. 127.0.0.1).  In this way I get 
all the benefits of dovecot's indexing being updated and nice locking, but 
I don't have to leave my password lying around in a plaintext file.

(Yes, this assumes I'm running a shell on the mail server.  I'm not 
concerned about the same level of security when you could simply cat my 
mail spool).

I'd definitely consider something like an SSH key with a forced 
command (I do see questions in the FAQ about making dovecot work over a 
socket connection), but that forgoes using standard imap clients.

I could also create a dovecot-only user with my UID and no other login 
privileges, but I'd like this to "just work" for anyone.

I don't know anything about whether dovecot supports X509 auth, but this 
would require the client libraries to support such a thing, which not all 
do.

I'd love to hear about any other ways people have thought about to do 
this.  Any ideas?

-Dan Mahoney

-- 

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
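
The ident (RFC 1413) exchange the post refers to, with the loopback-only trust rule applied, as an added example that is not part of the original message and is not Dovecot code. The function names, the account-name pattern and the sample replies in the test are assumptions constructed for illustration.

```python
import ipaddress
import re

# Conservative local account name pattern (an assumption of this example).
_USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def build_query(client_port: int, imap_port: int) -> bytes:
    """RFC 1413 query: port on the queried host first, then our own port."""
    return f"{client_port}, {imap_port}\r\n".encode("ascii")


def parse_reply(reply: bytes, client_port: int, imap_port: int):
    """Return the user id from a USERID reply, or None for anything else."""
    try:
        text = reply.decode("ascii").rstrip("\r\n")
    except UnicodeDecodeError:
        return None
    parts = text.split(":", 3)  # the user id itself may contain colons
    if len(parts) != 4 or parts[1].strip() != "USERID":
        return None  # ERROR replies have three fields and land here
    try:
        ports = [int(p) for p in parts[0].split(",")]
    except ValueError:
        return None
    if ports != [client_port, imap_port]:
        return None  # reply is for a different connection
    opsys = parts[2].split(",")[0].strip()  # drop the optional charset
    user = parts[3].strip()  # simplification: RFC keeps leading whitespace
    if opsys != "UNIX" or not _USER_RE.fullmatch(user):
        return None  # OTHER may carry opaque tokens, not account names
    return user


def ident_user_if_trusted(peer_ip: str, reply: bytes,
                          client_port: int, imap_port: int):
    """Accept an ident answer only when the peer is the loopback address."""
    if not ipaddress.ip_address(peer_ip).is_loopback:
        return None  # a remote identd can claim any user name
    return parse_reply(reply, client_port, imap_port)
```

The answer is only as trustworthy as the host running identd, which is why the check refuses every peer except loopback before looking at the reply.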


