
Re: Patch: 'ldapmodify -y file' reads password from file (ITS#2031)



Kurt D. Zeilenga writes:
> One of the nice things about using the whole contents of a file
> is that one can use dd if=/dev/random of=/srv/passwd to create
> a password file and use userPassword:< file:///srv/passwd to add
> it to the directory and use -y in scripts.

You can still do that if the terminating newline, if any, is
considered insignificant.

> For those who want to use it for simple passwords, the
> file can easily be created using:
>   echo -n 'secret' > /srv/passwd

I.e. you have to know Unix in order to create this file:-(
OTOH, the file can not be created using vi, which silently adds
a newline.  Nor with emacs if `require-final-newline' is t.
I think we'd see plenty of error reports from people who have put
the password in a file as specified but can't get it to work.

> where echo is the builtin version, so args are not exposed
> to ps(1).

They are exposed in .history or .bash_history.  .bash_history is even
created with the user's umask instead of mode 0600.  The maintainer
claims this is not a bug.  Maybe he'll change his mind if enough other
people (than me) report that as a bug, but I'm not holding my breath.

-- 
Hallvard
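
The reading discussed in this message (whole file is the password, one terminating newline ignored), as an added example that is not part of the original message or of the OpenLDAP patch. The names `read_password_file`, `reads_as` and the scratch file name are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not OpenLDAP code): the password is the whole file
 * minus at most one terminating '\n'. It is handled as bytes plus a length,
 * so NUL bytes from /dev/random survive. Caller frees the result. */
unsigned char *read_password_file(const char *path, size_t *len)
{
    FILE *fp = fopen(path, "rb");
    unsigned char *buf = NULL, *tmp;
    size_t used = 0, cap = 0, n;
    if (fp == NULL) return NULL;
    do {
        if (used == cap) {                  /* buffer full: grow it */
            cap = cap ? cap * 2 : 64;
            if ((tmp = realloc(buf, cap)) == NULL) {
                free(buf); fclose(fp); return NULL;
            }
            buf = tmp;
        }
        n = fread(buf + used, 1, cap - used, fp);
        used += n;
    } while (n > 0);
    if (ferror(fp)) { free(buf); fclose(fp); return NULL; }
    fclose(fp);
    if (used > 0 && buf[used - 1] == '\n')  /* newline added by vi/emacs */
        used--;
    *len = used;
    return buf;
}

/* Demo: write constructed bytes to a scratch file and check what is read. */
int reads_as(const void *data, size_t n, const void *want, size_t wn)
{
    const char *path = "pwfile_demo.tmp";   /* constructed scratch name */
    FILE *fp = fopen(path, "wb");
    unsigned char *got;
    size_t len = 0;
    int ok;
    if (fp == NULL) return 0;
    ok = fwrite(data, 1, n, fp) == n;
    ok = fclose(fp) == 0 && ok;
    got = ok ? read_password_file(path, &len) : NULL;
    remove(path);
    ok = got != NULL && len == wn && memcmp(got, want, wn) == 0;
    free(got);
    return ok;
}
```

With this rule a file written by `echo -n` and one saved from vi yield the same password; a binary secret whose last byte happens to be 0x0A is read one byte short, so it no longer matches the full file contents loaded with `userPassword:< file:///srv/passwd`.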