table of contents
PASSWORD-PROMPT(8mandos) | Mandos Manual | PASSWORD-PROMPT(8mandos) |
NAME¶
password-prompt - Prompt for a password and output it.SYNOPSIS¶
password-prompt
[ --prefix PREFIX | -p PREFIX]
[ --debug]
password-prompt
{ --help | -?}
password-prompt
--usage
password-prompt
{ --version | -V}
DESCRIPTION¶
All password-prompt does is prompt for a password and output any given password to standard output. This program is not very useful on its own. This program is really meant to run as a plugin in the Mandos client-side system, where it is used as a fallback and alternative to retrieving passwords from a Mandos server. This program is little more than a getpass(3) wrapper, although actual use of that function is not guaranteed or implied.OPTIONS¶
This program is commonly not invoked from the command line; it is normally started by the Mandos plugin runner, see plugin-runner(8mandos). Any command line options this program accepts are therefore normally provided by the plugin runner, and not directly. --prefix=PREFIX, -p PREFIXPrefix string shown before the password
prompt.
--debug
Enable debug mode. This will enable a lot of
output to standard error about what the program is doing. The program will
still perform all other functions normally.
--help, -?
Gives a help message about options and their
meanings.
--usage
Gives a short usage message.
--version, -V
Prints the program version.
EXIT STATUS¶
If exit status is 0, the output from the program is the password as it was read. Otherwise, if exit status is other than 0, the program has encountered an error, and any output so far could be corrupt and/or truncated, and should therefore be ignored.ENVIRONMENT¶
CRYPTTAB_SOURCE, CRYPTTAB_NAMEIf set, these environment variables will be
assumed to contain the source device name and the target device mapper name,
respectively, and will be shown as part of the prompt.
These variables will normally be inherited from plugin-runner(8mandos),
which will normally have inherited them from /scripts/local-top/cryptroot in
the initial RAM disk environment, which will have set them from parsing kernel
arguments and /conf/conf.d/cryptroot (also in the initial RAM disk
environment), which in turn will have been created when the initial RAM disk
image was created by /usr/share/initramfs-tools/hooks/cryptroot, by extracting
the information of the root file system from /etc/crypttab.
This behavior is meant to exactly mirror the behavior of askpass, the
default password prompter.
BUGS¶
None are known at this time.EXAMPLE¶
Note that normally, command line options will not be given directly, but via options for the Mandos plugin-runner(8mandos). Normal invocation needs no options:SECURITY¶
On its own, this program is very simple, and does not exactly present any security risks. The one thing that could be considered worthy of note is this: This program is meant to be run by plugin-runner(8mandos), and will, when run standalone, outside, in a normal environment, immediately output on its standard output any presumably secret password it just received. Therefore, when running this program standalone (which should never normally be done), take care not to type in any real secret password by force of habit, since it would then immediately be shown as output. To further alleviate any risk of being locked out of a system, the plugin-runner(8mandos) has a fallback mode which does the same thing as this program, only with less features.SEE ALSO¶
COPYRIGHT¶
Copyright © 2008-2009, 2011-2012 Teddy Hogeborn, Björn Påhlsson2012-01-01 | Mandos 1.5.5 |