* Re: I'm stumped, how on earth do I get gnus to use ssl and not cleartext passwords?
[not found] <cs9mypvzia1.fsf@Psilocybe.Update.UU.SE>
2008-02-20 19:04 ` I'm stumped, how on earth do I get gnus to use ssl and not cleartext passwords? Tassilo Horn
@ 2008-02-20 19:35 ` Ted Zlatanov
2008-02-21 0:41 ` Jens Thiele
2 siblings, 0 replies; 3+ messages in thread
From: Ted Zlatanov @ 2008-02-20 19:35 UTC (permalink / raw)
To: info-gnus-english
On Wed, 20 Feb 2008 17:47:50 +0100 Andreas Davour <anteRUN@updateLIKE.uu.HELLse> wrote:
AD> Reading active file via nnfolder...
AD> nnfolder: Reading incoming mail from imap...
AD> imap: Connecting to <myserver>...
AD> imap: Opening SSL connection with `openssl s_client -quiet -ssl3
AD> -connect %s:%p'...done
AD> Waiting for response from <myserver>...done
AD> imap: Authenticating to `<myserver>' using `login'...
AD> imap: Plaintext authentication...
AD> imap: Authenticating to `<myserver>' using `login'...done
AD> nnfolder: Reading incoming mail (no new mail)...done
AD> Plaintext is *not* what I want! I did check the manual about this
AD> 'login' authentication thing, and got very confused. It sure looks
AD> like that means cleartext authentication unless told otherwise. How do
AD> I tell it otherwise?! Do I have to use nnimap for this to work? Since
AD> an openssl connection is made, is this just a nonsense warning that
AD> I'm sending a cleartext password along my ssl connection, i.e. not
AD> sending the password in cleartext at all?
The plaintext authentication is happening inside the SSL channel. No
one can snoop on it without breaking the SSL encryption, which is pretty
hard to do.
By the way, you can save your password in ~/.authinfo too, encrypted.
With newer CVS Gnus versions, I added support for encrypt.el (under
contrib/) to automatically decrypt ~/.authinfo. I use it like this:
(require 'encrypt)
(setq
nnimap-authinfo-file "~/.authinfo.enc"
smtpmail-auth-credentials "~/.authinfo.enc"
encrypt-file-alist (quote (("~/.authinfo.enc" (gpg "AES256")))))
To create the file referenced above, open your old authinfo file in
Emacs, and run
;;; you should be in the authinfo buffer
M-x load-library RET encrypt
M-x encrypt-write-file-contents RET ~/.authinfo.enc
;;; in any buffer, you can now get the file contents
M-x encrypt-insert-file-contents RET ~/.authinfo.enc
The encrypt.el code will eventually be replaced by Daiki Ueno's code in
Gnus, but for now at least this will work fine and you won't have to
enter your password manually. I'll post on the ding mailing list when
the replacement happens, or I can CC you if you prefer and you decide to
use encrypt.el.
Ted
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: I'm stumped, how on earth do I get gnus to use ssl and not cleartext passwords?
[not found] <cs9mypvzia1.fsf@Psilocybe.Update.UU.SE>
2008-02-20 19:04 ` I'm stumped, how on earth do I get gnus to use ssl and not cleartext passwords? Tassilo Horn
2008-02-20 19:35 ` Ted Zlatanov
@ 2008-02-21 0:41 ` Jens Thiele
2 siblings, 0 replies; 3+ messages in thread
From: Jens Thiele @ 2008-02-21 0:41 UTC (permalink / raw)
To: info-gnus-english
Andreas Davour <anteRUN@updateLIKE.uu.HELLse> writes:
> [...]
> But when I look at the *Messages* buffer I see this:
>
> Reading active file via nnfolder...
> nnfolder: Reading incoming mail from imap...
> imap: Connecting to <myserver>...
> imap: Opening SSL connection with `openssl s_client -quiet -ssl3
> -connect %s:%p'...done
This more or less means openssl is used to tunnel imap.
> Waiting for response from <myserver>...done
> imap: Authenticating to `<myserver>' using `login'...
> imap: Plaintext authentication...
> imap: Authenticating to `<myserver>' using `login'...done
> nnfolder: Reading incoming mail (no new mail)...done
>
> Plaintext is *not* what I want! I did check the manual about this
> 'login' authentication thing, and got very confused. It sure looks
> like that means cleartext authentication unless told otherwise. How do
> I tell it otherwise?! Do I have to use nnimap for this to work? Since
> an openssl connection is made, is this just a nonsense warning that
> I'm sending a cleartext password along my ssl connection, i.e. not
> sending the password in cleartext at all?
You, probably don't send a cleartext password along your ssl connection
but within. To convince yourself you can use some packet sniffer like
tcpdump or wireshark.
> I need someone to tell me how email over ssl is supposed to work.
You probably have it working.
Greetings,
Jens
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: I'm stumped, how on earth do I get gnus to use ssl and not cleartext passwords?
[not found] <cs9mypvzia1.fsf@Psilocybe.Update.UU.SE>
@ 2008-02-20 19:04 ` Tassilo Horn
2008-02-20 19:35 ` Ted Zlatanov
2008-02-21 0:41 ` Jens Thiele
2 siblings, 0 replies; 3+ messages in thread
From: Tassilo Horn @ 2008-02-20 19:04 UTC (permalink / raw)
To: info-gnus-english
Andreas Davour <anteRUN@updateLIKE.uu.HELLse> writes:
Hi Andreas,
> Since an openssl connection is made, is this just a nonsense warning
It's no warning, only an information.
> that I'm sending a cleartext password along my ssl connection,
> i.e. not sending the password in cleartext at all?
Exactly. You send the password in cleartext but through an encrypted
connection, which is absolutely fine.
Bye,
Tassilo
--
Richard Stallman can solve the halting problem... in polynomial time.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2008-02-21 0:41 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <cs9mypvzia1.fsf@Psilocybe.Update.UU.SE>
2008-02-20 19:04 ` I'm stumped, how on earth do I get gnus to use ssl and not cleartext passwords? Tassilo Horn
2008-02-20 19:35 ` Ted Zlatanov
2008-02-21 0:41 ` Jens Thiele
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).