Howdy, isync folks.

I've attached a patch to support direct OSX Keychain access on OSX, which adds two things:

- new config "KeychainName" and "KeychainAccount" to look up a specific generic password in the Keychain
- an attempt to look up the Internet password for the account's host, user, and protocol (SMTP), which doesn't need configuration

If neither finds a password, then the usual password retrieval path is taken.

Rationale: I used PassCmd, but neither `gpg -d .authinfo.gpg` nor `security find-generic-password [...]` is a good choice in my eyes, because I'd have to type in my local password (GPG or Keychain access) each time or add a rule to cache it in gpg-agent or always allow security access to the Keychain. The latter options allow anyone who gains access to my machine to retrieve my password on the command line. With the Keychain access directly from mbsync, however, Keychain can do the access control based on the process's binary, shutting down this particular attack possibility.

In particular, the config for a generic password works very well if there already is an entry for it in the Keychain, which gets updated when the password changes, and other programs need to access the same password, which they can access in the same way; in my case this is "msmtp" to send email.

Let me know whether you'd consider merging this or if it needs changes.

Toodle-pip
Oliver

PS: this sort of thing could also be done with the GNOME Keyring or KDE Wallet
0001-Add-configuration-to-get-password-from-OSX-Keychain.patch
Description: Binary data
_______________________________________________ isync-devel mailing list isync-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/isync-devel