Passwords on OS X via security

Paul W. Rankin hello at paulwrankin.com
Thu Nov 13 04:44:08 GMT 2014


Lucien Pullen <drurowin at gmail.com> writes:

> Also sprach Paul W. Rankin on 2014-11-12:
>> I'd love to use an "elegant one-liner" (i.e. no pythonfile) to retrive
>> my account password, which is stored in a local OS X keychain.
>
> With using a .py, you'd call "import keyring", then "remotepasseval =
> keyring.get_password(item-name, account)" in your offlineimaprc.  You
> might try an anonymous function that performs the import, then
> get_password().  But I don't know Python, so that may or may not work.

This doesn't appear to be an option for me; I wrote a quick test:
 => ImportError: No module named keyring

>> [Repository Remote]
>> type = IMAP
>> remotehost = mail.example.com
>> remoteuser = user at example.com
>> remotepasseval = `security find-generic-password -a user at example.com -s mail.example.com -w`
>> [snip]
>
> Are you calling this while you are the active user (the one logged in
> via LoginWindow)? If you aren't the active user (SSH, `su`, etc.), you
> need to first unlock the keychain using the `unlock-keychain'
> subcommand.  There's also a way to add offlineimap as the owner of a
> keychain item, which, if I recall correctly, doesn't require you to
> unlock it. (If you create the item from offlineimap, that counts.)

The keychain is already unlocked and accessible. Within Keychain
Access.app, `security` is listed as "Always allow access by these
applications:". I have the very same line in my ~/.authinfo for using
smtpmail-send-it to avoid typing a gpg password when sending mail:

machine mail.example.com login userrnkn at example.com password `security find-generic-password -s mail.example.com -a user at example.com -w` port 465

That works without a hitch (with real values), so I assumed the problem
has to be in the way offlineimap reads .offlineimaprc

-- 
Paul W. Rankin
http://www.paulwrankin.com





More information about the OfflineIMAP-project mailing list