Re: I'm stumped, how on earth do I get gnus to use ssl and not cleartext

info-gnus-english

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I'm stumped, how on earth do I get gnus to use ssl and not cleartext

From:	Ted Zlatanov
Subject:	Re: I'm stumped, how on earth do I get gnus to use ssl and not cleartext passwords?
Date:	Wed, 20 Feb 2008 13:35:23 -0600
User-agent:	Gnus/5.110007 (No Gnus v0.7) Emacs/23.0.50 (gnu/linux)

On Wed, 20 Feb 2008 17:47:50 +0100 Andreas Davour 
<anteRUN@updateLIKE.uu.HELLse> wrote: 

AD> Reading active file via nnfolder...
AD> nnfolder: Reading incoming mail from imap...
AD> imap: Connecting to <myserver>...
AD> imap: Opening SSL connection with `openssl s_client -quiet -ssl3
AD> -connect %s:%p'...done
AD> Waiting for response from <myserver>...done
AD> imap: Authenticating to `<myserver>' using `login'...
AD> imap: Plaintext authentication...
AD> imap: Authenticating to `<myserver>' using `login'...done
AD> nnfolder: Reading incoming mail (no new mail)...done

AD> Plaintext is *not* what I want! I did check the manual about this
AD> 'login' authentication thing, and got very confused. It sure looks
AD> like that means cleartext authentication unless told otherwise. How do
AD> I tell it otherwise?! Do I have to use nnimap for this to work? Since
AD> an openssl connection is made, is this just a nonsense warning that
AD> I'm sending a cleartext password along my ssl connection, i.e. not
AD> sending the password in cleartext at all?

The plaintext authentication is happening inside the SSL channel.  No
one can snoop on it without breaking the SSL encryption, which is pretty
hard to do.

By the way, you can save your password in ~/.authinfo too, encrypted.
With newer CVS Gnus versions, I added support for encrypt.el (under
contrib/) to automatically decrypt ~/.authinfo.  I use it like this:

(require 'encrypt)
(setq
 nnimap-authinfo-file "~/.authinfo.enc"
 smtpmail-auth-credentials "~/.authinfo.enc"
 encrypt-file-alist (quote (("~/.authinfo.enc" (gpg "AES256")))))

To create the file referenced above, open your old authinfo file in
Emacs, and run

;;; you should be in the authinfo buffer
M-x load-library RET encrypt
M-x encrypt-write-file-contents RET ~/.authinfo.enc

;;; in any buffer, you can now get the file contents
M-x encrypt-insert-file-contents RET ~/.authinfo.enc 

The encrypt.el code will eventually be replaced by Daiki Ueno's code in
Gnus, but for now at least this will work fine and you won't have to
enter your password manually.  I'll post on the ding mailing list when
the replacement happens, or I can CC you if you prefer and you decide to
use encrypt.el.

Ted

[Prev in Thread]

Current Thread

[Next in Thread]

Re: I'm stumped, how on earth do I get gnus to use ssl and not cleartext passwords?, Tassilo Horn, 2008/02/20
- Re: I'm stumped, how on earth do I get gnus to use ssl and not cleartext passwords?, Ted Zlatanov <=
- Re: I'm stumped, how on earth do I get gnus to use ssl and not cleartext passwords?, Jens Thiele, 2008/02/20

Prev by Date: Re: I'm stumped, how on earth do I get gnus to use ssl and not cleartext passwords?
Next by Date: Re: Processing HTML Emails
Previous by thread: Re: I'm stumped, how on earth do I get gnus to use ssl and not cleartext passwords?
Next by thread: Re: I'm stumped, how on earth do I get gnus to use ssl and not cleartext passwords?
Index(es):
- Date
- Thread