I have a file in my Linux system that's called ".fetchmailrc" and it's used to configure the email address that fetchmail will fetch the mail from. Hence, I have to type my password and email address in plain text.
Here is what the .fetchmailrc file looks like:
set daemon 1
set logfile /home/user/.fetchmail.log
set no bouncemail
poll pop.gmail.com proto POP3 auth password no dns user "MY_EMAIL" password "MY_PASSWORD" is user keep ssl
mda "/usr/bin/procmail -d %T"
I believe there must be a better way to do this, since if a hacker gets access to my server, he can easily read the file and get my credentials.
I heard that in Linux systems there is PAM (Pluggable Authentication Modules) but I don't know if that is related to what I'm trying to do.
No matter how you store your passwords, when running a program that doesn't prompt for your passwords, the program has to decrypt the stored password with information available on the server. A "hacker" gaining access to your server can use all information stored on the server. So he can also decrypt the password in the same way the program decrypts it.
If the scheme you use to encrypt and store your password is a bit more involved, it may take the "hacker" a bit longer.
So there's no way to do what you want: No matter how you store your password, you can't make it "hacker safe". The hacker just has to do whatever the program does (or maybe even just execute the program, and sniff the network traffic).
PAM modules have nothing to do with that. They are not for storing passwords, but provide ways to configure authentication methods for existing Linux services. A program wishing to use PAM has to be written for it.
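The practical mitigation that follows from the answer is access control rather than encryption: the secret must stay recoverable by the daemon, so the defence is to make sure nobody else on the box can read the file. fetchmail enforces this itself by refusing to start when ~/.fetchmailrc is readable by group or others (it accepts permissions no wider than 0710). The script below is an added example, written for this page and not taken from the question, the answer or the fetchmail project; it reproduces that kind of check for any credential-bearing file and assumes a POSIX shell with either GNU coreutils `stat -c` or BSD `stat -f`. The demonstration file it creates is constructed on the fly in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original question or answer): verify that a
# config file holding credentials, such as ~/.fetchmailrc, is private to its
# owner. fetchmail refuses to run when the file is group/world readable; this
# mirrors that check so it can be used for other files or in a cron job.
# Assumes GNU coreutils stat (-c %a) or BSD stat (-f %Lp).

# Print the octal permission bits of a file, portable across GNU and BSD stat.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the file is readable only by its owner (no group/other bits),
# 1 if it is too permissive, 2 if it does not exist.
check_private_file() {
    f="$1"
    [ -f "$f" ] || return 2
    mode=$(file_mode "$f")
    # keep only the last three octal digits (drop setuid/setgid/sticky)
    mode=${mode#"${mode%???}"}
    group_other=${mode#?}
    if [ "$group_other" != "00" ]; then
        echo "$f: mode $mode exposes the file to other users on this system" >&2
        return 1
    fi
    return 0
}

# Constructed demonstration: a throwaway file created with a loose mode,
# then tightened with chmod 600 as one would do for ~/.fetchmailrc.
demo_dir=$(mktemp -d)
demo_rc="$demo_dir/.fetchmailrc"
printf 'set daemon 1\n' > "$demo_rc"
chmod 644 "$demo_rc"
if check_private_file "$demo_rc"; then
    echo "unexpected: loose mode passed the check"
else
    echo "refusing to use $demo_rc until it is chmod 600"
fi
chmod 600 "$demo_rc"
if check_private_file "$demo_rc"; then
    echo "$demo_rc is now owner-only"
fi
rm -rf "$demo_dir"
```

Run it once after creating the file, or call `check_private_file ~/.fetchmailrc` from the script that starts the daemon; a non-zero exit means the credentials are exposed to every local account, which is exactly the situation the answer describes and the only part of it you can fix.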