'\" t
.TH "SYSTEMD\-ASK\-PASSWORD" "1" "" "systemd 215" "systemd-ask-password"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
systemd-ask-password \- Query the user for a system password
.SH "SYNOPSIS"
.HP \w'\fBsystemd\-ask\-password\ \fR\fB[OPTIONS...]\fR\fB\ \fR\fB[MESSAGE]\fR\ 'u
\fBsystemd\-ask\-password \fR\fB[OPTIONS...]\fR\fB \fR\fB[MESSAGE]\fR
.SH "DESCRIPTION"
.PP
\fBsystemd\-ask\-password\fR
may be used to query a system password or passphrase from the user, using a question message specified on the command line\&. When run from a TTY it will query a password on the TTY and print it to standard output\&. When run with no TTY or with
\fB\-\-no\-tty\fR
it will query the password system\-wide and allow active users to respond via several agents\&. The latter is only available to privileged processes\&.
.PP
The purpose of this tool is to query system\-wide passwords \-\- that is passwords not attached to a specific user account\&. Examples include: unlocking encrypted hard disks when they are plugged in or at boot, entering an SSL certificate passphrase for web and VPN servers\&.
.PP
Existing agents are: a boot\-time password agent asking the user for passwords using Plymouth; a boot\-time password agent querying the user directly on the console; an agent requesting password input via a
\fBwall\fR(1)
message; an agent suitable for running in a GNOME session; a command line agent which can be started temporarily to process queued password requests; a TTY agent that is temporarily spawned during
\fBsystemctl\fR(1)
invocations\&.
.PP
Additional password agents may be implemented according to the
\m[blue]\fBsystemd Password Agent Specification\fR\m[]\&\s-2\u[1]\d\s+2\&.
.PP
If a password is queried on a TTY, the user may press TAB to hide the asterisks normally shown for each character typed\&. Pressing Backspace as first key achieves the same effect\&.
.SH "OPTIONS"
.PP
The following options are understood:
.PP
\fB\-\-icon=\fR
.RS 4
Specify an icon name alongside the password query, which may be used in all agents supporting graphical display\&. The icon name should follow the
\m[blue]\fBXDG Icon Naming Specification\fR\m[]\&\s-2\u[2]\d\s+2\&.
.RE
.PP
\fB\-\-timeout=\fR
.RS 4
Specify the query timeout in seconds\&. Defaults to 90s\&. A timeout of 0 waits indefinitely\&.
.RE
.PP
\fB\-\-no\-tty\fR
.RS 4
Never ask for password on current TTY even if one is available\&. Always use agent system\&.
.RE
.PP
\fB\-\-accept\-cached\fR
.RS 4
If passed, accept cached passwords, i\&.e\&. passwords previously typed in\&.
.RE
.PP
\fB\-\-multiple\fR
.RS 4
When used in conjunction with
\fB\-\-accept\-cached\fR
accept multiple passwords\&. This will output one password per line\&.
.RE
.PP
\fB\-h\fR, \fB\-\-help\fR
.RS 4
Print a short help text and exit\&.
.RE
.SH "EXIT STATUS"
.PP
On success, 0 is returned, a non\-zero failure code otherwise\&.
.SH "SEE ALSO"
.PP
\fBsystemd\fR(1),
\fBsystemctl\fR(1),
\fBplymouth\fR(8),
\fBwall\fR(1)
.SH "NOTES"
.IP " 1." 4
systemd Password Agent Specification
.RS 4
\%http://www.freedesktop.org/wiki/Software/systemd/PasswordAgents
.RE
.IP " 2." 4
XDG Icon Naming Specification
.RS 4
\%http://standards.freedesktop.org/icon-naming-spec/icon-naming-spec-latest.html
.RE