68
67
<refname><command>&COMMANDNAME;</command></refname>
69
<refpurpose>Prompt for a password and output it.</refpurpose>
69
Passprompt for luks during boot sequence
74
75
<command>&COMMANDNAME;</command>
76
<arg choice="plain"><option>-p <replaceable
77
>PREFIX</replaceable></option></arg>
78
<arg choice="plain"><option>--prefix </option><replaceable
79
>PREFIX</replaceable></arg>
81
<arg choice="opt"><option>--debug</option></arg>
84
<command>&COMMANDNAME;</command>
86
<arg choice="plain"><option>-?</option></arg>
87
<arg choice="plain"><option>--help</option></arg>
91
<command>&COMMANDNAME;</command>
92
<arg choice="plain"><option>--usage</option></arg>
95
<command>&COMMANDNAME;</command>
97
<arg choice="plain"><option>-V</option></arg>
98
<arg choice="plain"><option>--version</option></arg>
76
<arg choice='opt'>--prefix<arg choice='plain'>PREFIX</arg></arg>
77
<arg choice='opt'>--debug</arg>
80
<command>&COMMANDNAME;</command>
81
<arg choice='plain'>--help</arg>
84
<command>&COMMANDNAME;</command>
85
<arg choice='plain'>--usage</arg>
88
<command>&COMMANDNAME;</command>
89
<arg choice='plain'>--version</arg>
103
93
<refsect1 id="description">
104
94
<title>DESCRIPTION</title>
106
All <command>&COMMANDNAME;</command> does is prompt for a
107
password and output any given password to standard output. This
108
is not very useful on its own. This program is really meant to
109
run as a plugin in the <application>Mandos</application>
110
client-side system, where it is used as a fallback and
111
alternative to retriving passwords from a <application
112
>Mandos</application> server.
115
This program is little more than a <citerefentry><refentrytitle
116
>getpass</refentrytitle><manvolnum>3</manvolnum></citerefentry>
117
wrapper, although actual use of that function is not guaranteed
96
<command>&COMMANDNAME;</command> is a terminal program that ask for
97
passwords during boot sequence. It is a plugin to
98
<firstterm>mandos</firstterm>, and is used as a fallback and
99
alternative to retriving passwords from a mandos server. During
100
boot sequence the user is prompted for the disk password, and
101
when a password is given it then gets forwarded to
102
<acronym>LUKS</acronym>.
122
106
<refsect1 id="options">
123
107
<title>OPTIONS</title>
125
This program is commonly not invoked from the command line; it
126
is normally started by the <application>Mandos</application>
127
plugin runner, see <citerefentry><refentrytitle
128
>plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>
129
</citerefentry>. Any command line options this program accepts
130
are therefore normally provided by the plugin runner, and not
109
Commonly not invoked as command lines but from configuration
110
file of plugin runner.
136
<term><option>-p</option> <replaceable>PREFIX</replaceable
138
<term><option>--prefix=</option><replaceable
139
>PREFIX</replaceable></term>
142
Prefix string shown before the password prompt.
148
<term><option>--debug</option></term>
151
Enable debug mode. This will enable a lot of output to
152
standard error about what the program is doing. The
153
program will still perform all other functions normally.
159
<term><option>-?</option></term>
160
<term><option>--help</option></term>
163
Gives a help message about options and their meanings.
169
<term><option>--usage</option></term>
172
Gives a short usage message.
178
<term><option>-V</option></term>
179
<term><option>--version</option></term>
182
Prints the program version.
115
<term><literal>-p</literal>, <literal>--prefix=<replaceable>PREFIX
116
</replaceable></literal></term>
119
Prefix used before the passprompt
125
<term><literal>--debug</literal></term>
134
<term><literal>-?</literal>, <literal>--help</literal></term>
143
<term><literal>--usage</literal></term>
146
Gives a short usage message
152
<term><literal>-V</literal>, <literal>--version</literal></term>
155
Prints the program version
189
162
<refsect1 id="exit_status">
190
163
<title>EXIT STATUS</title>
192
If exit status is 0, the output from the program is the password
193
as it was read. Otherwise, if exit status is other than 0, the
194
program has encountered an error, and any output so far could be
195
corrupt and/or truncated, and should therefore be ignored.
199
<refsect1 id="environment">
200
<title>ENVIRONMENT</title>
203
<term><envar>cryptsource</envar></term>
204
<term><envar>crypttarget</envar></term>
207
If set, these environment variables will be assumed to
208
contain the source device name and the target device
209
mapper name, respectively, and will be shown as part of
213
These variables will normally be inherited from
214
<citerefentry><refentrytitle>plugin-runner</refentrytitle>
215
<manvolnum>8mandos</manvolnum></citerefentry>, which will
216
normally have inherited them from
217
<filename>/scripts/local-top/cryptroot</filename> in the
218
initial RAM disk environment, which will have set them from
219
parsing kernel arguments and
220
<filename>/conf/conf.d/cryptroot</filename> (also in the
221
initial RAM disk environment), which in turn will have been
222
created when the initial RAM disk image was created by
224
>/usr/share/initramfs-tools/hooks/cryptroot</filename>, by
225
extracting the information of the root file system from
226
<filename >/etc/crypttab</filename>.
229
This behavior is meant to exactly mirror the behavior of
230
<command>askpass</command>, the default password prompter.
168
<refsect1 id="notes">
237
174
<refsect1 id="bugs">
238
175
<title>BUGS</title>
240
None are known at this time.
244
<refsect1 id="example">
245
<title>EXAMPLE</title>
180
<refsect1 id="examples">
181
<title>EXAMPLES</title>
247
Note that normally, command line options will not be given
248
directly, but via options for the Mandos <citerefentry
249
><refentrytitle>plugin-runner</refentrytitle>
250
<manvolnum>8mandos</manvolnum></citerefentry>.
254
Normal invocation needs no options:
257
<userinput>&COMMANDNAME;</userinput>
262
Show a prefix before the prompt; in this case, a host name.
263
It might be useful to be reminded of which host needs a
264
password, in case of KVM switches, etc.
268
<!-- do not wrap this line -->
269
<userinput>&COMMANDNAME; --prefix=host.example.org:</userinput>
278
<!-- do not wrap this line -->
279
<userinput>&COMMANDNAME; --debug</userinput>
284
186
<refsect1 id="security">
285
187
<title>SECURITY</title>
287
On its own, this program is very simple, and does not exactly
288
present any security risks. The one thing that could be
289
considered worthy of note is this: This program is meant to be
290
run by <citerefentry><refentrytitle
291
>plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>
292
</citerefentry>, and will, when run standalone, outside, in a
293
normal environment, immediately output on its standard output
294
any presumably secret password it just recieved. Therefore,
295
when running this program standalone (which should never
296
normally be done), take care not to type in any real secret
297
password by force of habit, since it would then immediately be
301
To further alleviate any risk of being locked out of a system,
302
the <citerefentry><refentrytitle>plugin-runner</refentrytitle>
303
<manvolnum>8mandos</manvolnum></citerefentry> has a fallback
304
mode which does the same thing as this program, only with less
309
192
<refsect1 id="see_also">
310
193
<title>SEE ALSO</title>
312
<citerefentry><refentrytitle>crypttab</refentrytitle>
313
<manvolnum>5</manvolnum></citerefentry>
314
<citerefentry><refentrytitle>password-request</refentrytitle>
195
<citerefentry><refentrytitle>mandos</refentrytitle>
196
<manvolnum>8</manvolnum></citerefentry>, <citerefentry>
197
<refentrytitle>plugin-runner</refentrytitle>
198
<manvolnum>8mandos</manvolnum></citerefentry> and <citerefentry>
199
<refentrytitle>password-request</refentrytitle>
315
200
<manvolnum>8mandos</manvolnum></citerefentry>
316
<citerefentry><refentrytitle>plugin-runner</refentrytitle>
317
<manvolnum>8mandos</manvolnum></citerefentry>,
321
<!-- Local Variables: -->
322
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
323
<!-- time-stamp-end: "[\"']>" -->
324
<!-- time-stamp-format: "%:y-%02m-%02d" -->