Pine, IMAP, and SSH (SSH, The Secure Shell: The Definitive Gu...

Pine, IMAP, and SSH (SSH, The Secure Shell: The Definitive Guide)of 8http://www.hn.edu.cn/book/NetWork/NetworkingBookshelf_2ndEd/ssh...8/3/2005 2:16 PMFigure 11-10. Pine/IMAP over SSH, preauthenticatedHere's a sample session that invokes an IMAP server, imapd, through inetd so it runs as root:server% telnet localhost imap* OK localhost IMAP4rev1 v12.261 server ready0 login res password'1 select inbox* 3 EXISTS* 0 RECENT* OK [UIDVALIDITY 964209649] UID validity status* OK [UIDNEXT 4] Predicted next UID* FLAGS (\Answered \Flagged \Deleted \Draft \Seen)* OK [PERMANENTFLAGS (\* \Answered \Flagged \Deleted \Draft \Seen)] Permanent flags1 OK [READ-WRITE] SELECT completed2 logout* BYE imap.example.com IMAP4rev1 server terminating connection2 OK LOGOUT completedAlternatively, in preauthenticated mode, the IMAP server assumes that authentication has already been doneby the program that started the server and that it already has the necessary rights to access the user's mailbox.If you invoke imapd on the command line under a nonroot uid, imapd assumes you have alreadyauthenticated and opens your email inbox. You can then type IMAP commands and access your mailboxwithout authentication:server% /usr/local/sbin/imapd* PREAUTH imap.example.com IMAP4rev1 v12.261 server ready0 select inbox* 3 EXISTS* 0 RECENT* OK [UIDVALIDITY 964209649] UID validity status* OK [UIDNEXT 4] Predicted next UID* FLAGS (\Answered \Flagged \Deleted \Draft \Seen)* OK [PERMANENTFLAGS (\* \Answered \Flagged \Deleted \Draft \Seen)] Permanent flags0 OK [READ-WRITE] SELECT completed1 logout* BYE imap.example.com IMAP4rev1 server terminating connection1 OK LOGOUT completedNotice the PREAUTH response at the beginning of the session, indicating pre-authenticated mode. It is followedby the command select inbox, which causes the IMAP server implicitly to open the inbox of the currentuser without demanding authentication.Now, how does all this relate to Pine? When instructed to access an IMAP mailbox, Pine first attempts to loginto the IMAP host using rsh and to run a preauthenticated instance of imapd directly. If this succeeds, Pinethen converses with the IMAP server over the pipe to rsh and has automatic access to the user's remote inboxwithout further authentication. This is a good idea and very convenient; the only problem is that rsh is veryinsecure. However, you can make Pine use SSH instead.