2

We have an off-site warm standby backup host that I wish to periodically synchronise our imap server with using imapsync. I would like to know if it is possible to use RSA certificate authentication for the --authuser1 to --authuser2 login. If I use rsync over ssh then this poses no problem. But connecting to cyrus-imap through imapsync is somewhat more involved.

If not then what is the recommended way of passing the authuser passwords to the imapsync command when iteratively run inside a script?

James B. Byrne
  • 317
  • 4
  • 14

1 Answers1

0

In current imapsync release 1.607, there is no way with the command line switches to add certificates for the ssl or tls connexion modes. I might add it in the future, I've just put this request in the TODO file. Anyway, it should be easy to hack it now the direct way, imapsync is free software, and pass anything you need within the function "set_ssl". Everything is then passed to the underlying Mail::IMAPClient perl module. See perldoc Mail::IMAPClient for this.

In imapsync release 1.678 and later, it's possible to pass any ssl parameter, so certificates can be used that way.

 --sslargs1     str  : Pass any ssl parameter for host1 ssl or tls connection. Example:
                       --sslargs1 SSL_verify_mode=1 --sslargs1 SSL_version=SSLv3
 --sslargs2     str  : Pass any ssl parameter for host2 ssl or tls connection.

See all possibilities in the new() method of IO::Socket::SSL at http://search.cpan.org/perldoc?IO::Socket::SSL#Description_Of_Methods

For passing passwords the safe way in imapsync, use --passfile1 secretfile and change permissions to 600 on secretfile file. Added to a ssl or tls connexion, it won't be less secure than a private key file stored in the same Unix account.

Gilles LAMIRAL
  • 405
  • 2
  • 7