<<< Date Index >>>     <<< Thread Index >>>

Re: Mutt Next Generation



On Thu, Jan 27, 2005 at 17:53:17 +0100, Werner Koch wrote:
> > On our mail-server we use the same password as the Unix account for SMTP
> > AUTH, since we don't want to manage two different password databases
> 
> I guessed that somehow.  It is a bad security practice, but you
> probably known that.  

Hmmm, no. Can you explain? The passwords are transfered using TLS
encryption of course and the users already use that password for IMAP
(or are you suggesting also using another password for that?).

> > Having the external program prompt for the password and refresh the
> > screen would still have the problem that the password must be asked
> > every time, whereas mutt could cache it (like PGP).
> 
> No problem, run gpg-agent instead of using pinentry directly.  It will
> do the caching for you.

OK... I am not saying that it isn't theoretically feasible. It would be
certainly much easier if it was built-in into mutt. Not only to
configure (which could be taken care of by the sysadmin) but also the
usage.

It seems to me that this is more of an ideological problem than a real
one. My guess is that the additional code for SMTP AUTH in mutt would be
rather small...

Cheers
David
-- 
David Schweikert        | phone: +41 44 632 7019
System manager ISG.EE   | walk:  ETH Zentrum, ETL F24.1
ETH Zurich, Switzerland | web:   http://people.ee.ethz.ch/dws