Re: [evolution-patches] [PATCH] IMAP preauth and subcommand connection.



On Thu, 2003-06-26 at 17:49, David Woodhouse wrote:
> On Thu, 2003-06-26 at 20:21, Ettore Perazzoli wrote:
> > On Thu, 2003-06-26 at 13:05, David Woodhouse wrote:
> > > It's possible to get at an IMAP server by 'ssh $MAILHOST imapd', and in
> > > fact some servers that's the _only_ way to get at them... 
> > 
> > Is this actually a common setup?
> 
> I can only speak for situations I've encountered, for which the answer
> is 'yes'. 
> 
> It's an option which pine supports by default, and it lets users get at
> IMAP servers on hosts which aren't primarily mail servers hence don't
> have IMAP daemons listening, lets users user _different_ IMAP servers to
> those which are listening on the standard ports, and lets users use IMAP
> servers on machines behind firewalls which only SSH knows how to get
> through, etc. 
> 
> The one you see in the screenshot below, for example, is connecting to a
> host within my employer's private network because ssh has a ProxyCommand
> setting 'ssh bastionhost exec nc %h %p', and running courier-imap on
> that host even though that mail box has wu-imapd listening on port 143.
> 
> > I am not opposed to the feature, but I worry about the IMAP
> > configuration page getting even more complicated than it already is... 
> > The setting should be exposed to the user in a way that s/he can
> > understand.
> 
> See http://www.infradead.org/~dwmw2/evo-shot.jpeg -- I don't think it's
> too confusing.

yea, looks ok to me I guess. anna?

> 
> > Also, does this rely on ssh-askpass to fetch the password?
> 
> ssh-askpass or ssh-agent or shosts or passphrase-less keys.... yes. Or
> maybe you could be using rsh or krsh or some kind of socks client, or
> just running 'imapd' locally, or.....

I totally overlooked this when reviewing the patch. not necessarily a
bad thing, just "what happens if the user doesn't have ssh-askpass
installed?" and is that even possible? I think ssh comes with askpass,
but I forget. might be distributed separately sometimes?

anyways, not sure one could easily handle the case where ssh-askpass
wasn't used? on the other hand, it'd be good to not hang either...

Jeff

> 
> The _default_ command if you enable the option, IIRC, is
> 	ssh -C -l $URLUSER $URLHOST exec imapd
-- 
Jeffrey Stedfast
Evolution Hacker - Ximian, Inc.
fejj ximian com  - www.ximian.com




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]