diff options
| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2020-03-18 22:07:33 -0400 |
|---|---|---|
| committer | Sean Whitton <spwhitton@spwhitton.name> | 2020-03-19 13:23:09 -0700 |
| commit | ddfda64826800a7b737fa161fd9d793fa6b42f06 (patch) | |
| tree | b5e6cf3ef0ba67384868513f94ee68688e243906 /imap-dl | |
| parent | 51e0c8a488b7a8d195d32d0bc58e5ef24b38e626 (diff) | |
| download | mailscripts-ddfda64826800a7b737fa161fd9d793fa6b42f06.tar.gz | |
imap-dl: use retriever.authentication configuration
After discussion with Sean Whitton and Robbie Harwood, I think makes
more sense to have a straight "retriever.authentication" configuration
setting rather than a rather odd boolean "use_kerberos".
This is a divergence from getmail, but that seems OK at this point.
The implementation now also makes it pretty straightforward to add new
authentication mechanisms if someone wants to add them.
One additional thing that would be nice would be for imap-dl to be
able to dynamically choose the "best" available authentication method.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthorseman.net>
Diffstat (limited to 'imap-dl')
| -rwxr-xr-x | imap-dl | 17 |
1 files changed, 13 insertions, 4 deletions
@@ -185,12 +185,21 @@ def scan_msgs(configfile:str, verbose:bool) -> None: port=int(conf.get('retriever', 'port', fallback=993)), ssl_context=ctx) as imap: username:str = conf.get('retriever', 'username') - use_kerberos = conf.getboolean('retriever', 'use_kerberos', - fallback=False) - if use_kerberos: + authentication:str = conf.get('retriever', 'authentication', + fallback='basic') + # FIXME: have the default automatically choose an opinionated + # best authentication method. e.g., if the gssapi module is + # installed and the user has a reasonable identity in their + # local credential cache, choose kerberos, otherwise, choose + # "basic". + if authentication == 'kerberos': auth_gssapi(username, imap, conf, server) - else: + elif authentication == 'basic': auth_builtin(username, imap, conf, server) + else: + # FIXME: implement other authentication mechanisms + raise Exception(f'retriever.authentication should be one of:\n' + '"basic" or "kerberos", got "{authentication}"') if verbose: # only enable debugging after login to avoid leaking credentials in the log imap.debug = 4 |