/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-prompt.xml

  • Committer: Teddy Hogeborn
  • Date: 2019-07-18 00:02:43 UTC
  • mto: This revision was merged to the branch mainline in revision 384.
  • Revision ID: teddy@recompile.se-20190718000243-okz4s9xao1r1tfnx
Document bug in mandos-keygen which strips white space from passwords

Passwords, as read by mandos-keygen when given the --password or -p
options, are stripped of white space from the start and from the end
of the password.  This is because mandos-keygen is a shell script, and
the Bourne Shell "read" builtin does not seem to have a way to avoid
this.  Document this bug.

* manods-keygen.xml (OPTIONS): Document the white space-stripping
                               nature of the --password/-p option, and
                               also note in the description of
                               --passfile and -F that they avoid this
                               behavior.
  (BUGS): Again mention the problem with the --password and -p
          options, and suggest --passfile as a possible workaround.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY VERSION "1.0">
5
4
<!ENTITY COMMANDNAME "password-prompt">
6
 
<!ENTITY TIMESTAMP "2008-08-31">
 
5
<!ENTITY TIMESTAMP "2019-02-10">
 
6
<!ENTITY % common SYSTEM "../common.ent">
 
7
%common;
7
8
]>
8
9
 
9
10
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
12
    <title>Mandos Manual</title>
12
13
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
13
14
    <productname>Mandos</productname>
14
 
    <productnumber>&VERSION;</productnumber>
 
15
    <productnumber>&version;</productnumber>
15
16
    <date>&TIMESTAMP;</date>
16
17
    <authorgroup>
17
18
      <author>
18
19
        <firstname>Björn</firstname>
19
20
        <surname>Påhlsson</surname>
20
21
        <address>
21
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
22
23
        </address>
23
24
      </author>
24
25
      <author>
25
26
        <firstname>Teddy</firstname>
26
27
        <surname>Hogeborn</surname>
27
28
        <address>
28
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
29
30
        </address>
30
31
      </author>
31
32
    </authorgroup>
32
33
    <copyright>
33
34
      <year>2008</year>
 
35
      <year>2009</year>
 
36
      <year>2010</year>
 
37
      <year>2011</year>
 
38
      <year>2012</year>
 
39
      <year>2013</year>
 
40
      <year>2014</year>
 
41
      <year>2015</year>
 
42
      <year>2016</year>
 
43
      <year>2017</year>
 
44
      <year>2018</year>
 
45
      <year>2019</year>
34
46
      <holder>Teddy Hogeborn</holder>
35
47
      <holder>Björn Påhlsson</holder>
36
48
    </copyright>
83
95
    <title>DESCRIPTION</title>
84
96
    <para>
85
97
      All <command>&COMMANDNAME;</command> does is prompt for a
86
 
      password and output any given password to standard output.  This
87
 
      is not very useful on its own.  This program is really meant to
88
 
      run as a plugin in the <application>Mandos</application>
89
 
      client-side system, where it is used as a fallback and
90
 
      alternative to retriving passwords from a <application
91
 
      >Mandos</application> server.
 
98
      password and output any given password to standard output.
 
99
    </para>
 
100
    <para>
 
101
      This program is not very useful on its own.  This program is
 
102
      really meant to run as a plugin in the <application
 
103
      >Mandos</application> client-side system, where it is used as a
 
104
      fallback and alternative to retrieving passwords from a
 
105
      <application >Mandos</application> server.
92
106
    </para>
93
107
    <para>
94
108
      This program is little more than a <citerefentry><refentrytitle
179
193
    <title>ENVIRONMENT</title>
180
194
    <variablelist>
181
195
      <varlistentry>
182
 
        <term><envar>cryptsource</envar></term>
183
 
        <term><envar>crypttarget</envar></term>
 
196
        <term><envar>CRYPTTAB_SOURCE</envar></term>
 
197
        <term><envar>CRYPTTAB_NAME</envar></term>
184
198
        <listitem>
185
199
          <para>
186
200
            If set, these environment variables will be assumed to
194
208
          <manvolnum>8mandos</manvolnum></citerefentry>, which will
195
209
          normally have inherited them from
196
210
          <filename>/scripts/local-top/cryptroot</filename> in the
197
 
          initial RAM disk environment, which will have set them from
198
 
          parsing kernel arguments and
 
211
          initial <acronym>RAM</acronym> disk environment, which will
 
212
          have set them from parsing kernel arguments and
199
213
          <filename>/conf/conf.d/cryptroot</filename> (also in the
200
214
          initial RAM disk environment), which in turn will have been
201
215
          created when the initial RAM disk image was created by
215
229
  
216
230
  <refsect1 id="bugs">
217
231
    <title>BUGS</title>
218
 
    <para>
219
 
      None are known at this time.
220
 
    </para>
 
232
    <xi:include href="../bugs.xml"/>
221
233
  </refsect1>
222
234
  
223
235
  <refsect1 id="example">
240
252
      <para>
241
253
        Show a prefix before the prompt; in this case, a host name.
242
254
        It might be useful to be reminded of which host needs a
243
 
        password, in case of KVM switches, etc.
 
255
        password, in case of <acronym>KVM</acronym> switches, etc.
244
256
      </para>
245
257
      <para>
246
258
 
270
282
      >plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>
271
283
      </citerefentry>, and will, when run standalone, outside, in a
272
284
      normal environment, immediately output on its standard output
273
 
      any presumably secret password it just recieved.  Therefore,
 
285
      any presumably secret password it just received.  Therefore,
274
286
      when running this program standalone (which should never
275
287
      normally be done), take care not to type in any real secret
276
288
      password by force of habit, since it would then immediately be
288
300
  <refsect1 id="see_also">
289
301
    <title>SEE ALSO</title>
290
302
    <para>
 
303
      <citerefentry><refentrytitle>intro</refentrytitle>
 
304
      <manvolnum>8mandos</manvolnum></citerefentry>
291
305
      <citerefentry><refentrytitle>crypttab</refentrytitle>
292
306
      <manvolnum>5</manvolnum></citerefentry>
293
 
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
307
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
294
308
      <manvolnum>8mandos</manvolnum></citerefentry>
295
309
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
296
310
      <manvolnum>8mandos</manvolnum></citerefentry>,