Rocksolid Light

Welcome to Rocksolid Light

mail  files  register  newsreader  groups  login

Message-ID:  

"It's like deja vu all over again." -- Yogi Berra

computers / news.software.readers / [slrn] store nnrpaccess credentials outside of slrnrc?

SubjectAuthor
* [slrn] store nnrpaccess credentials outside of slrnrc?Profoundly Nerdy
+- Re: [slrn] store nnrpaccess credentials outside of slrnrc?Phil Boutros
`- Re: [slrn] store nnrpaccess credentials outside of slrnrc?rek2 hispagatos

1
[slrn] store nnrpaccess credentials outside of slrnrc?

<ui6lj7$3k1nr$1@dont-email.me>

  copy mid

https://news.novabbs.org/computers/article-flat.php?id=1595&group=news.software.readers#1595

  copy link   Newsgroups: news.software.readers
Path: i2pn2.org!i2pn.org!news.hispagatos.org!eternal-september.org!feeder2.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: profoundlynerdy@invalid.invalid (Profoundly Nerdy)
Newsgroups: news.software.readers
Subject: [slrn] store nnrpaccess credentials outside of slrnrc?
Date: Sat, 4 Nov 2023 19:54:15 -0400
Organization: A noiseless patient Spider
Lines: 19
Message-ID: <ui6lj7$3k1nr$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 4 Nov 2023 23:54:15 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="b22bba6a824fe65a2487256aafcc5058";
logging-data="3802875"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18mo1tAEIiTHLBN3SiaAwVdAXbHBkUcY/Y="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:rJJ1jNOgINvvgDzWRSGsmN22WSo=
Content-Language: en-US
 by: Profoundly Nerdy - Sat, 4 Nov 2023 23:54 UTC

I am setting up slrn for the first time. I noticed that slrnrc stores
NNTP credentials in plain text. That's not ideal. I'd like to store my
credentials in an external password manager, such as `pass`[^1].

Is it possible to do one of two things:

1. Call an external program that provides the username and password to
nnrpaccess at runtime?
2. Or, reference a file external to slrnrc that contains the
credentials?

Option #2 is still not perfect, but at least I can lock down the
credentials themselves separate from the configuration file.

[^1]: <https://www.passwordstore.org/>

--
Profoundly Nerdy

Re: [slrn] store nnrpaccess credentials outside of slrnrc?

<slrnukg193.1d36.philb@ah61.eternal-september.org>

  copy mid

https://news.novabbs.org/computers/article-flat.php?id=1596&group=news.software.readers#1596

  copy link   Newsgroups: news.software.readers
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder2.eternal-september.org!news.eternal-september.org!ah61.eternal-september.org!.POSTED!not-for-mail
From: philb@philb.ca (Phil Boutros)
Newsgroups: news.software.readers
Subject: Re: [slrn] store nnrpaccess credentials outside of slrnrc?
Date: Sun, 5 Nov 2023 21:12:04 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 27
Message-ID: <slrnukg193.1d36.philb@ah61.eternal-september.org>
References: <ui6lj7$3k1nr$1@dont-email.me>
Injection-Date: Sun, 5 Nov 2023 21:12:04 -0000 (UTC)
Injection-Info: ah61.eternal-september.org; posting-host="a885b882fb7d292d6f1930fa8df76cc6";
logging-data="162964"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19NeF0hLkgYZLOQ/w0gApnn"
User-Agent: slrn/pre1.0.4-6 (Linux)
Cancel-Lock: sha1:pzUzSX8aVf6+tPP1Z/bUAqFD3Tg=
 by: Phil Boutros - Sun, 5 Nov 2023 21:12 UTC

Profoundly Nerdy <profoundlynerdy@invalid.invalid> wrote:
> I am setting up slrn for the first time. I noticed that slrnrc stores
> NNTP credentials in plain text. That's not ideal. I'd like to store my
> credentials in an external password manager, such as `pass`[^1].
>
> Is it possible to do one of two things:
>
> 1. Call an external program that provides the username and password to
> nnrpaccess at runtime?

Anything is possible if you want to write the code for it. If you
can write it in S-Lang, you can interpret any file from your .slrnrc.
I suspect the limitation here will be your password manager.

> 2. Or, reference a file external to slrnrc that contains the
> credentials?

That part is trivial. You can include any other config file in
your main config file.

https://www.slrn.org/docs/slrn-manual-5.html#include

Phil
--
AH#61 Wolf#14 BS#89 bus#1 CCB#1 SENS KOTC#4
philb@philb.ca http://philb.ca

Re: [slrn] store nnrpaccess credentials outside of slrnrc?

<ui9def$j349$1@matrix.hispagatos.org>

  copy mid

https://news.novabbs.org/computers/article-flat.php?id=1597&group=news.software.readers#1597

  copy link   Newsgroups: news.software.readers
Path: i2pn2.org!rocksolid2!news.neodome.net!news.nntp4.net!news.hispagatos.org!.POSTED!not-for-mail
From: rek2@hispagatos.org.invalid (rek2 hispagatos)
Newsgroups: news.software.readers
Subject: Re: [slrn] store nnrpaccess credentials outside of slrnrc?
Date: Mon, 6 Nov 2023 00:53:35 -0000 (UTC)
Organization: Hispagatos
Message-ID: <ui9def$j349$1@matrix.hispagatos.org>
References: <ui6lj7$3k1nr$1@dont-email.me>
Reply-To: ReK2 <rek2@hispagatos.org>
Injection-Date: Mon, 6 Nov 2023 00:53:35 -0000 (UTC)
Injection-Info: matrix.hispagatos.org;
logging-data="625801"; mail-complaints-to="abuse@hispagatos.org"
User-Agent: slrn/pre1.0.4-9 (Linux)
 by: rek2 hispagatos - Mon, 6 Nov 2023 00:53 UTC

On 2023-11-04, Profoundly Nerdy <profoundlynerdy@invalid.invalid> wrote:
> I am setting up slrn for the first time. I noticed that slrnrc stores
> NNTP credentials in plain text. That's not ideal. I'd like to store my
> credentials in an external password manager, such as `pass`[^1].
>
> Is it possible to do one of two things:
>
> 1. Call an external program that provides the username and password to
> nnrpaccess at runtime?
> 2. Or, reference a file external to slrnrc that contains the
> credentials?
>
> Option #2 is still not perfect, but at least I can lock down the
> credentials themselves separate from the configuration file.
>
> [^1]: <https://www.passwordstore.org/>
>

I agree 100% is why I asked the community to support new software
that takes privacy and security as a main concern, never have plain text
passwors in your ENV or home directory anyone working in infosec knows this
old software lacks this way of thinking .

I know 2-3 projects that devs dropped it or are about because
nobody helps them with QA and testing and all this projects support
calling password managers like pass/gopass/bitwarden-cli etc from the config
file, supports encryption and such, but their support for usenet is 50%
because of lack influence

Happy Hacking

ReK2
> --
> Profoundly Nerdy

--
- {gemini,https}://{,rek2.}hispagatos.org - mastodon: @rek2@hispagatos.space
- [https|gemini]://2600.Madrid - https://hispagatos.space/@rek2
- https://keyoxide.org/A31C7CE19D9C58084EA42BA26C0B0D11E9303EC5

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor