for (hostp = hostlist; hostp; hostp = hostp->next)
if (hostp->active && !(implicitmode && hostp->skip) && !hostp->password[0])
{
- if (hostp->protocol == P_KPOP)
- /* Server doesn't care what the password is, but there
+ if (hostp->authenticate == A_KERBEROS)
+ /* Server won't care what the password is, but there
must be some non-null string here. */
(void) strncpy(hostp->password,
hostp->remotename, PASSWORDLEN-1);
case P_POP3: return("POP3"); break;
case P_IMAP: return("IMAP"); break;
case P_APOP: return("APOP"); break;
- case P_KPOP: return("KPOP"); break;
default: return("unknown?!?"); break;
}
}
break;
case P_POP3:
case P_APOP:
- case P_KPOP:
return(doPOP3(queryctl));
break;
case P_IMAP:
printf(" APOP secret = '%s'\n", queryctl->password);
else
printf(" Password = '%s'\n", queryctl->password);
- printf(" Protocol is %s", showproto(queryctl->protocol));
+ if (queryctl->protocol == P_POP3 && queryctl->port == KPOP_PORT)
+ printf(" Protocol is KPOP");
+ else
+ printf(" Protocol is %s", showproto(queryctl->protocol));
if (queryctl->port)
printf(" (using port %d)", queryctl->port);
else if (outlevel == O_VERBOSE)
***********************************************************************/
/* constants designating the various supported protocols */
-#define P_AUTO 0
-#define P_POP2 2
-#define P_POP3 3
-#define P_IMAP 4
-#define P_APOP 5
-#define P_KPOP 6
+#define P_AUTO 0
+#define P_POP2 2
+#define P_POP3 3
+#define P_IMAP 4
+#define P_APOP 5
+
+#define KPOP_PORT 1109
+
+/* authentication types */
+#define A_PASSWORD 0 /* passwords in cleartext */
+#define A_KERBEROS 1 /* get Kerberos V4 ticket */
/* definitions for buffer sizes -- somewhat arbitrary */
#define POPBUFSIZE 512 /* per RFC 937 */
char mda [MDALEN+1];
int protocol;
int port;
+ int authenticate;
/* MDA arguments */
char *mda_argv[32];
.IP APOP
Use POP3 with MD5 authentication.
.IP KPOP
-POP3 with Kerberos authentication.
+Use POP3 with Kerberos authentication on port 1109.
.RE
.TP
.B \-P, --port
This option will seldom be necessary as all the supported protocols have
well-established default port numbers.
.TP
+.B \-A, --auth
+This option permits you to specify an authentication type (see USER
+AUTHENTICATION below for details). The possible values are
+\&`\fBpassword\ffR and `\fBkerberos\fR'. This option is provided
+primarily for developers; choosing KPOP protocol automatically selects
+Kerberos authentication, and all other alternatives use ordinary
+password authentication (though APOP uses a generated one-time
+key as the password).
+.TP
.B \-r folder, --remote folder
Causes a specified non-default mail folder on the mailserver to be retrieved.
The syntax of the folder name is server dependent, as is the default
.I ~/.fetchmailrc
file will be queried.
.SH USER AUTHENTICATION
-User authentication in
+Normal user authentication in
.I fetchmail
is very much like the authentication mechanism of
.I ftp(1).
logs in, it sends a cryptographically secure hash of your password and
the server greeting time to the server, which can verify it by
checking its authorization database.
+.PP
+If your \fIfetchmail\fR was built with Kerberos support and you specify
+Kerberos authentication (either with --auth or the \fI.fetchmailrc\fR
+option \fBauthenticate kerberos\fR) it will try to get a Kerberos
+ticket from the mailserver at the start of each query.
.SH DAEMON MODE
The
.B --daemon
port
skip
noskip
+ authenticate (or auth)
Legal user options are
imap (or IMAP)
apop (or APOP)
kpop (or APOP)
+
+.PP
+Legal authentication types are `password' or `kerberos'. The former
+specifies authentication by normal transmission of a password (the
+password may be plaintext or subject to protocol-specific encryption
+as in APOP); the second tells \fIfetchmail\fR to try to get a Kerberos
+ticket at the start of each query instead, and send an arbitrary
+string as the password.
+.PP
+Specifying \fBkpop\fR sets POP3 protocol over port 1109 with Kerberos
+authentication. These defaults may be overridden by later options.
.PP
You can use the `noise' keywords \fBand\fR, \fBwith\fR,
\fBhas\fR, \fBwants\fR, and \fBoptions\fR anywhere in an entry to make
#define LA_STDOUT 7
#define LA_FLUSH 8
#define LA_PROTOCOL 9
-#define LA_DAEMON 10
-#define LA_RCFILE 11
-#define LA_USERNAME 12
-#define LA_REMOTEFILE 13
-#define LA_PORT 14
-#define LA_SMTPHOST 15
-#define LA_MDA 16
-#define LA_LOGFILE 17
-#define LA_QUIT 18
-#define LA_NOREWRITE 19
-#define LA_CHECK 20
-#define LA_HELP 21
-#define LA_YYDEBUG 22
+#define LA_AUTHENTICATE 10
+#define LA_DAEMON 11
+#define LA_RCFILE 12
+#define LA_USERNAME 13
+#define LA_REMOTEFILE 14
+#define LA_PORT 15
+#define LA_SMTPHOST 16
+#define LA_MDA 17
+#define LA_LOGFILE 18
+#define LA_QUIT 19
+#define LA_NOREWRITE 20
+#define LA_CHECK 21
+#define LA_HELP 22
+#define LA_YYDEBUG 23
static char *shortoptions = "P:p:VaKkvS:m:sFd:f:u:r:L:qN?";
static struct option longoptions[] = {
{"flush", no_argument, (int *) 0, LA_FLUSH },
{"protocol", required_argument, (int *) 0, LA_PROTOCOL },
{"proto", required_argument, (int *) 0, LA_PROTOCOL },
+ {"auth", required_argument, (int *) 0, LA_PROTOCOL },
{"daemon", required_argument, (int *) 0, LA_DAEMON },
{"fetchmailrc",required_argument,(int *) 0, LA_RCFILE },
{"user", required_argument, (int *) 0, LA_USERNAME },
else if (strcasecmp(optarg,"apop") == 0)
queryctl->protocol = P_APOP;
else if (strcasecmp(optarg,"kpop") == 0)
- queryctl->protocol = P_KPOP;
+ {
+ queryctl->protocol = P_POP3;
+ queryctl->port = KPOP_PORT;
+ queryctl->authenticate == A_KERBEROS;
+ }
else {
fprintf(stderr,"Invalid protocol '%s'\n specified.\n", optarg);
errflag++;
case LA_PORT:
queryctl->port = atoi(optarg);
break;
+ case 'A':
+ case LA_AUTHENTICATE:
+ if (strcmp(optarg, "password") == 0)
+ queryctl->authenticate = A_PASSWORD;
+ else if (strcmp(optarg, "kerberos") == 0)
+ queryctl->authenticate = A_KERBEROS;
+ else {
+ fprintf(stderr,"Invalid authentication '%s'\n specified.\n", optarg);
+ errflag++;
+ }
+ break;
case 'S':
case LA_SMTPHOST:
if (fflag)
fputs("usage: fetchmail [options] [server ...]\n", stderr);
fputs(" Options are as follows:\n",stderr);
fputs(" -?, --help display this option help\n", stderr);
- fputs(" -p, --protocol specify pop2, pop3, imap, apop, rpop, kpop\n", stderr);
fputs(" -V, --version display version info\n", stderr);
+ fputs(" -v, --verbose work noisily (diagnostic output)\n", stderr);
+ fputs(" -d, --daemon run as a daemon once per n seconds\n", stderr);
+ fputs(" -c, --check check for messages without fetching\n", stderr);
+ fputs(" -L, --logfile specify logfile name\n", stderr);
+ fputs(" -q, --quit kill daemon process\n", stderr);
+ fputs(" -f, --fetchmailrc specify alternate run control file\n", stderr);
+
+ fputs(" -p, --protocol specify pop2, pop3, imap, apop, rpop, kpop\n", stderr);
+ fputs(" -P, --port TCP/IP service port to connect to\n",stderr);
+ fputs(" -A, --auth authentication type\n",stderr);
+
+ fputs(" -u, --username specify users's login on server\n", stderr);
fputs(" -a, --all retrieve old and new messages\n", stderr);
fputs(" -F, --flush delete old messages from server\n", stderr);
fputs(" -K, --kill delete new messages after retrieval\n", stderr);
fputs(" -k, --keep save new messages after retrieval\n", stderr);
fputs(" -S, --smtphost set SMTP forwarding host\n", stderr);
- fputs(" -q, --quit kill daemon process\n", stderr);
fputs(" -s, --silent work silently\n", stderr);
- fputs(" -v, --verbose work noisily (diagnostic output)\n", stderr);
- fputs(" -d, --daemon run as a daemon once per n seconds\n", stderr);
- fputs(" -f, --fetchmailrc specify alternate run control file\n", stderr);
- fputs(" -u, --username specify users's login on server\n", stderr);
fputs(" -r, --remote specify remote folder name\n", stderr);
- fputs(" -L, --logfile specify logfile name\n", stderr);
- fputs(" -c, --check check for messages without retrieving\n", stderr);
return(-1);
}
}
switch (queryctl->protocol) {
- case P_KPOP:
-#ifndef KERBEROS_V4
- strcat (buf, "KPOP support not compiled into this executable.\n");
- return(PS_ERROR);
-#endif
- /* fall through */
-
case P_POP3:
if ((gen_transact(socket,"USER %s", queryctl->remotename)) != 0)
return(PS_ERROR);
fprintf(stderr,"Option --remote is not supported with POP3\n");
return(PS_SYNTAX);
}
- if (queryctl->protocol == P_KPOP)
- {
- struct method kpop_method = pop3;
- kpop_method.port = 1109;
- return(do_protocol(queryctl, &kpop_method));
- }
return(do_protocol(queryctl, &pop3));
}
server { return SERVER; }
proto(col)? { return PROTOCOL; }
port { return PORT; }
+auth(enticate)? { return AUTHENTICATE; }
+kerberos { return KERBEROS; }
user(name)? { return USERNAME; }
pass(word)? { return PASSWORD; }
(pop3)|(POP3) { yylval.proto = P_POP3; return PROTO; }
(imap)|(IMAP) { yylval.proto = P_IMAP; return PROTO; }
(apop)|(APOP) { yylval.proto = P_APOP; return PROTO; }
-(kpop)|(KPOP) { yylval.proto = P_KPOP; return PROTO; }
+(kpop)|(KPOP) { return KPOP; }
+
(#.*)?\\?\n { prc_lineno++; } /* newline is ignored */
#include <config.h>
#include <stdio.h>
+#include "fetchmail.h"
extern char *rcfile;
extern int prc_lineno;
extern int prc_errflag;
%union {
int proto;
+ int auth;
int flag;
char *sval;
}
-%token DEFAULTS SERVER PROTOCOL
+%token DEFAULTS SERVER PROTOCOL AUTHENTICATE KPOP KERBEROS
%token USERNAME PASSWORD FOLDER SMTPHOST MDA IS HERE THERE
%token <proto> PROTO
+%token <auth> AUTHTYPE
%token <sval> STRING
%token <flag> KEEP FLUSH FETCHALL REWRITE PORT SKIP
;
serv_option : PROTOCOL PROTO {prc_setproto($2);}
+ | PROTOCOL KPOP {
+ prc_setproto(P_POP3);
+ prc_setauth(A_KERBEROS);
+ prc_setport(KPOP_PORT);
+ }
| PORT STRING {prc_setport($2);}
| SKIP {prc_setskip($1==FLAG_TRUE);}
+ | AUTHENTICATE PASSWORD {prc_setauth(A_PASSWORD);}
+ | AUTHENTICATE KERBEROS {prc_setauth(A_KERBEROS);}
;
/* the first and only the first user spec may omit the USERNAME part */
#
# Legal keywords are
# server
-# protocol (or proto)
+# protocol (or proto) -- nuat be followed by a protocol ID
+# port
+# authenticate (or auth) -- must be followed by an authentication type
+#
# username (or user)
# is
# remotefolder (or remote)
# nofetchall
# norewrite
# noskip
-# port
#
# Legal protocol identifiers are
# pop2 (or POP2)
# apop (or APOP)
# kpop (or KPOP)
#
+# Legal authentication types are
+# login
+# kerberos
+#
# Basic format is
# server SERVERNAME protocol PROTOCOL username NAME password PASSWORD
# Example:
server pop.provider.net proto pop3 user jsmith password secret1
server other.provider.net proto pop2 user John.Smith password My^Hat
-# Other possibilities (note use of \ to escape newline -- this is all
+# Other possibilities (note optional use of \ to escape newline -- this is all
# one server definition.
server pop.provider.net \
proto pop3 \
projects / ~andy / fetchmail / commitdiff