On Thu, 17 Jan 2002, John Kelly wrote:
> Anyone who's acquired the 0600 permissions needed to read your
> .fetchmailrc file will be able to run fetchmail as you anyway -- and if
> it's your password they're after, they'd be able to rip the necessary
> decoder out of the fetchmail code itself to get it.
but what kevin's done is to move authentication, nay the whole
transport, completely outside of fetchmail. whether that other
transport is secure no longer has any revelance to fetchmail.
i suspect in kevin's the security is now dependent on access to his
ssh key and passphrase or to his ssh-agent process (which kevin has
had to supply his key passphrase to and hopefully wouldnt be running
if kevin wasnt there).
now kevin only has to worry about keeping ssh secure, rather than ssh
/and/ fetchmail. and as ssh security is a lot more 'visible' and
probably interactive (definitely in kevin's case iirc) this is
probably a win.
regards,
--
Paul Jakma paul at clubi.iepaul at jakma.org Key ID: 64A2FF6A
Fortune:
Lawrence Radiation Laboratory keeps all its data in an old gray trunk.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
