imap_pass password management
I'm using mutt + offlineimap + msmtp to work with my 10+ IMAP accounts. The problem is that each account has its own imap_pass and smtp_pass stored in plaintext somewhere in muttrc, .msmtprc and .offlineimaprc. That makes password management very hard, because every time I change my passwords I have to update at least 3 config files per account. Also, I find it a bad practice to have my passwords stored in plaintext on my hard drive.

Is it possible to have my imap_pass set dynamically to be an output of some CLI password management program (like pwsafe)?

Example:

imap_pass = echo -n $(pwsafe -p ACCOUNT_NAME -e -q | tail -n 1) |

--
. O . | Djordje Todorovic [aceofknaves at G_M_A_I_L .com] | O . O
. . O | GPG-Key: 2048R/1E19 (http://pgp.mit.edu) | . O O
O O O | BFF2 1C7F A70D ECCD FA8F C946 DB32 B498 1E13 3339 | . O .
Re: imap_pass password management
On Wed, May 18, 2011 at 01:43:05PM +0200, Ђорђе Тодоровић wrote:
> Is it possible to have my imap_pass set dynamically to be an output of some CLI password management program (like pwsafe)?
>
> Example:
>
> imap_pass = echo -n $(pwsafe -p ACCOUNT_NAME -e -q | tail -n 1) |

does that work?

imap_pass = `echo -n $(pwsafe -p ACCOUNT_NAME -e -q | tail -n 1) `

Richard

---
Name and OpenPGP keys available from pgp key servers
Re: imap_pass password management
On Wed, 18 May 2011, Richard wrote:
> On Wed, May 18, 2011 at 01:43:05PM +0200, Ђорђе Тодоровић wrote:
>> Is it possible to have my imap_pass set dynamically to be an output of some CLI password management program (like pwsafe)?
>>
>> Example:
>>
>> imap_pass = echo -n $(pwsafe -p ACCOUNT_NAME -e -q | tail -n 1) |
>
> does that work?
>
> imap_pass = `echo -n $(pwsafe -p ACCOUNT_NAME -e -q | tail -n 1) `

That works fine, thank you.

Also I found this link: http://www.mail-archive.com/mutt-users@mutt.org/msg36375.html

--
Djordje Todorovic
Re: imap_pass password management
On Wed, 18 May 2011, Ђорђе Тодоровић wrote:
> On Wed, 18 May 2011, Richard wrote:
>> On Wed, May 18, 2011 at 01:43:05PM +0200, Ђорђе Тодоровић wrote:
>>> Is it possible to have my imap_pass set dynamically to be an output of some CLI password management program (like pwsafe)?
>>>
>>> Example:
>>>
>>> imap_pass = echo -n $(pwsafe -p ACCOUNT_NAME -e -q | tail -n 1) |
>>
>> does that work?
>>
>> imap_pass = `echo -n $(pwsafe -p ACCOUNT_NAME -e -q | tail -n 1) `
>
> That works fine, thank you.
>
> Also I found this link: http://www.mail-archive.com/mutt-users@mutt.org/msg36375.html

I just noticed that this example doesn't work with passwords that contain certain special characters (#'). Anyone know how to sanitize input so mutt can read passwords from stdin?

If a password contains #, mutt reads an empty string.
If a password contains quotes, imap_pass gets a password + entire muttrc file below a set imap_pass... field.

--
Djordje Todorovic
Re: imap_pass password management
* Ђорђе Тодоровић postmanmi...@gmail.com [18.05.2011. @13:43:05 +0200]:
> I'm using mutt + offlineimap + msmtp to work with my 10+ IMAP accounts. The problem is that each account has its own imap_pass and smtp_pass stored in plaintext somewhere in muttrc, .msmtprc and .offlineimaprc. That makes password management very hard, because every time I change my passwords I have to update at least 3 config files per account. Also, I find it a bad practice to have my passwords stored in plaintext on my hard drive.
>
> Is it possible to have my imap_pass set dynamically to be an output of some CLI password management program (like pwsafe)?
>
> Example:
>
> imap_pass = echo -n $(pwsafe -p ACCOUNT_NAME -e -q | tail -n 1) |

Hello,

To avoid having a clear text password in my .muttrc, I set my imap_pass as follows:

set imap_pass=`gpg --decrypt ~/.mutt/password`

(and ~/.mutt/password contains my password encrypted with my key)

When I start Mutt, it asks for my key passphrase.

JC
Re: imap_pass password management
On Wed, May 18, 2011 at 07:24:49PM +0200, Ђорђе Тодоровић wrote:
> On Wed, 18 May 2011, Ђорђе Тодоровић wrote:
>> On Wed, 18 May 2011, Richard wrote:
>>> imap_pass = `echo -n $(pwsafe -p ACCOUNT_NAME -e -q | tail -n 1) `
>>
>> That works fine, thank you.
>>
>> Also I found this link: http://www.mail-archive.com/mutt-users@mutt.org/msg36375.html
>
> I just noticed that this example doesn't work with passwords that contain certain special characters (#'). Anyone know how to sanitize input so mutt can read passwords from stdin?
>
> If a password contains #, mutt reads an empty string.
> If a password contains quotes, imap_pass gets a password + entire muttrc file below a set imap_pass... field.

Mutt treats the output of a command in backticks as if it were typed directly into the config file. So if your password is abc#123, then

imap_pass = `echo -n $(pwsafe -p ACCOUNT_NAME -e -q | tail -n 1) `

will translate to

imap_pass = abc#123

Mutt will parse # as the beginning of a comment, ignore it and the rest of the line, and set your password to abc.

The solution is to tell mutt that the output of the command is a literal string:

imap_pass = `echo -n $(pwsafe -p ACCOUNT_NAME -e -q | tail -n 1) `

Some brief testing indicates that Mutt does the right thing for output that contains # and , but I don't use IMAP so I'm not completely certain.

--
Ed Blackman
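A lint for the two risks raised in this thread, as an added example that is not part of any poster's message: it flags password variables kept as plaintext and command substitutions whose output mutt re-reads as config text. It assumes the "literal string" form means wrapping the backtick command in double quotes (this archived copy does not show the quoting); `lint_muttrc`, `classify_value`, the `my_` naming rule and the sample muttrc are constructed for illustration.

```python
import re

# Variables that hold secrets: mutt's imap_pass/smtp_pass/pop_pass plus user
# "my_" variables named like a password (the naming rule is an assumption).
SECRET_VAR = re.compile(r"^(imap_pass|smtp_pass|pop_pass|my_\w*(pass|pw)\w*)$")
SET_ASSIGN = re.compile(r"\bset\s+(\w+)\s*=\s*(.*)$")

def classify_value(value):
    """Say how the right-hand side of `set var=value` supplies the secret."""
    value = value.strip()
    if value.startswith("$"):
        return "variable"            # copies another variable, e.g. $my_imap_pw
    quote, i = None, 0               # quote = currently open quote character
    while i < len(value):
        ch = value[i]
        if ch == "\\" and quote != "'":
            i += 2                   # backslash escapes the next character
            continue
        if quote is None and ch in "\"'":
            quote = ch
        elif ch == quote:
            quote = None
        elif ch == "`" and quote != "'":
            # Unquoted output is re-read as config text; double-quoted is assumed literal.
            return "quoted-subst" if quote == '"' else "unquoted-subst"
        i += 1
    return "plaintext"               # no command substitution: secret on disk

def lint_muttrc(text):
    """Return (line_number, variable, kind) for each secret assignment."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue                 # whole-line comment
        match = SET_ASSIGN.search(line)
        if match and SECRET_VAR.match(match.group(1)):
            findings.append((number, match.group(1), classify_value(match.group(2))))
    return findings

# Constructed sample input; paths and host mirror the thread's examples.
SAMPLE = "\n".join([
    "# constructed sample muttrc",
    "set imap_user=alice",
    "set imap_pass=hunter2#x",
    "set smtp_pass=`gpg --decrypt ~/.mutt/password`",
    'set my_imap_pw="`gpg2 -d --batch ~/.mutt/.imap_pw.gpg`"',
    "account-hook imap://my.imap.server:143 set imap_pass=$my_imap_pw",
])
```

A "plaintext" finding is a secret sitting in the file; an "unquoted-subst" finding means the stored secret must not contain characters such as # or quotes unless it is escaped in the store.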
Re: imap_pass password management
Richard,

I use GnuPG to encrypt/decrypt my passwords for mutt. For each imap account, I create a little text file that contains the appropriate password, and encrypt that file using my public key. Then I use command substitution to set imap_pass in muttrc. For example,

set my_imap_un=hesla
set my_imap_pw=`gpg2 -d --batch ~/.mutt/.imap_pw.gpg`
account-hook imap://my.imap.server:143 set imap_user=$my_imap_un
account-hook imap://my.imap.server:143 set imap_pass=$my_imap_pw

(You do need the --batch, to prevent the passphrase prompt.)

If the password contains a special character, just backslash escape it, then enclose the whole password in single quotes. For example, if your password were

45B;abcd

then the text file (before encryption) should contain the single line

'45B\;abcd'

(including the single quotes). This works fine with my setup.

BTW, I use gpg-agent to avoid having to key in my passphrase multiple times per day.

Regards,
--
Todd Hesla

On Wed, May 18, 2011 at 07:24:49PM +0200, Ђорђе Тодоровић wrote:
> Date: Wed, 18 May 2011 19:24:49 +0200
> To: Richard r...@linux-m68k.org, mutt-users@mutt.org
> From: Ђорђе Тодоровић postmanmi...@gmail.com
> Subject: Re: imap_pass password management
>
> On Wed, 18 May 2011, Ђорђе Тодоровић wrote:
>> On Wed, 18 May 2011, Richard wrote:
>>> On Wed, May 18, 2011 at 01:43:05PM +0200, Ђорђе Тодоровић wrote:
>>>> Is it possible to have my imap_pass set dynamically to be an output of some CLI password management program (like pwsafe)?
>>>>
>>>> Example:
>>>>
>>>> imap_pass = echo -n $(pwsafe -p ACCOUNT_NAME -e -q | tail -n 1) |
>>>
>>> does that work?
>>>
>>> imap_pass = `echo -n $(pwsafe -p ACCOUNT_NAME -e -q | tail -n 1) `
>>
>> That works fine, thank you.
>>
>> Also I found this link: http://www.mail-archive.com/mutt-users@mutt.org/msg36375.html
>
> I just noticed that this example doesn't work with passwords that contain certain special characters (#'). Anyone know how to sanitize input so mutt can read passwords from stdin?
>
> If a password contains #, mutt reads an empty string.
> If a password contains quotes, imap_pass gets a password + entire muttrc file below a set imap_pass... field.