Greetings,

What's the problem with the plaintext password in .fetchmailrc? Only
the owner and root can read the file.

User psychology is one problem. Where I work, some of the IT support
people are trying very hard to switch people to Windows and Outlook.
UNIX users using a fetchmail/procmail based setup are tolerated, but
only just. One of the objections (on both sides of the fence) is the
unencrypted password. Yes, it may seem silly, but it's real
nonetheless.

Also, we used to have separate e-mail passwords. In those days I did
not care much about it being readable, because all my mail is removed
from the server every 5 minutes anyway. But nowadays the mail password
inevitably is the same as the Windows one (Thank you very much,
MicroSilly Exchange!). If IT had it their way, we would even move to
single logon (because too many users can't remember one password, let
alone multiple ones). If this ever happens, fetchmail will also be
"exposing" my UNIX password.

Next, you say that only the user and root can read it. Fine. But root
is a human as well (several of them, most likely). I don't like them
to know what my password looks like, even if they don't need it to read
my files. The less information they have about what kinds of passwords
I use, the better. It's not because they are root on our file server
that they should have extra privileges on any other system(s) I use.
(Yes, I do know about not using the same password everywhere. See above
if you need confirmation of that. And no, my passwords are not trivial,
but even so.)

Finally, it can't harm to have two locks on the same door. It's not
as if people haven't ever accidentally chmod-ed things without noticing.
I know I have.

Of course, I do know that an encrypted password remains vulnerable to
anyone who knows how the decryption works. And since fetchmail would
need to decrypt it and is open source... But even so, I still don't
like it for the non-technical reasons described above.

Regards,
MCE
--
========================================================================
M. Eyckmans (MCE) Code of the Geeks v3.1 mce-at-pi-dot-be
GCS d+ s+:- a36 C+++$ UHLUASO+++$ P+ L+++ E--- W++ N+++ !o K w--- !O M--
V-- PS+ PE+ Y+ PGP- t--- !5 !X R- tv- b+ DI++ D-- G++ e+++ h+(*) !r y?
========================================================================