[bug-mailutils] Password management overview

bug-mailutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug-mailutils] Password management overview

From:	Pierre-Jean
Subject:	[bug-mailutils] Password management overview
Date:	Fri, 09 Jun 2017 09:48:19 +0200

Hello alls,

In a recent discussion about the mu-tickets file, Sergey wrote that
"interfaces to third-party password storing facilities can be
implemented, if the facility in question provides a documented API".

Hoping that could be helpful, I made some research to see how other
mail clients deal with passwords and to find which APIs currently
exist.


How do similar tools deal with password managers ?
--------------------------------------------------

* Mutt
Mutt provides several ways to query for a password.  One of them is to
set a variable containing the password by querying a password manager
(using the "`" quotes):

  set my_PW = `gpg --decrypt /path/to/password.gpg`
  set imap_pass = $my_PW

Another possibility is to store part of the mutt configuration in an
encrypted file, and source it with a line of the form:

  source "gpg --decrypt /path/to/mutt_conf.gpg"

* S-nail
S-nail is a fork of Heirloom mailx. The 'agent-shell-lookup' entry of
the configuration file can be used to query an external program to get
a password:

  set address@hidden"gpg --decrypt /path/to/password.gpg"

* msmtp
msmtp is a smtp client. It will automatically find a password stored
in the gnome keyring (via libsecret). Its configuration file also
accepts the entry "passwordeval" to launch an external program to get
the password:

  passwordeval "gpg --decrypt /path/to/password.gpg"

* git
I accidently found some mentions concerning git. The credential
directory of its source tree contains implementations of several
password managers APIs: netrc, gnome-keyring, libsecret, osxkeychain,
and wincred. Cf:
https://github.com/git/git/blob/master/contrib/credential/

Concerning the netrc implementation, if the file has the '.gpg'
extension, git will decrypt it before parsing it.


Which are the password managers' APIs?
--------------------------------------

There are several command lines tools to manage passwords. They
include an option to display the password. For example, the command
'pass' can be used as follow:
  $ pass mail/host/user

There is a freedesktop secret API draft about applications which
communicates with a secret service using DBUS. Gnome-keyring and
Ksecretservice are two implementations of a Secret Service
https://specifications.freedesktop.org/secret-service/

There is a KDE_Utils/kwallet tool, but "it may happen that some day
KWallet will be replaced by Ksecretservice". Ksecretservice is the KDE
implementation of the freedesktop secret service API draft. It
provides an API to be used by KDE tools. It has apparently no command
line tool yet.
https://community.kde.org/KDE_Utils/ksecretsservice

There was a libnome-keyring API, but it is now deprecated. One should
use libsecret instead. Libsecret is the gnome implementation of the
freedesktop secret service API draft. It provides an API to be used by
gnome tools. Libsecret comes with a command line tool to store and
retrieve passwords: 'secret-tool'.
https://wiki.gnome.org/Projects/Libsecret
https://people.gnome.org/~stfw/libsecret-docs/


Kind regards,
Pierre-Jean.

[Prev in Thread]

Current Thread

[Next in Thread]

[bug-mailutils] Password management overview, Pierre-Jean <=
- Re: [bug-mailutils] Password management overview, Sergey Poznyakoff, 2017/06/10

Prev by Date: Re: [bug-mailutils] mu-mh questions
Next by Date: [bug-mailutils] mu-mh manual page
Previous by thread: [bug-mailutils] mu-mh questions
Next by thread: Re: [bug-mailutils] Password management overview
Index(es):
- Date
- Thread