[Date Prev][Date Next]
Re: Patch: 'ldapmodify -y file' reads password from file (ITS#2031)
Kurt D. Zeilenga writes:
> One of the nice things about using the whole contents of a file
> is that one can use dd if=/dev/random of=/srv/passwd to create
> a password file and use userPassword:< file:///srv/passwd to add
> it to the directory and use -y in scripts.
You can still do that if the terminating newline, if any, is
> For those who want to use it for simple passwords, the
> file can easily be created using:
> echo -n 'secret' > /srv/passwd
I.e. you have to know Unix in order to create this file:-(
OTOH, the file can not be created using vi, which silently adds
a newline. Nor with emacs if `require-final-newline' is t.
I think we'd see pleny of error reports from people who have put
the password in a file as specified but can't get it to work.
> where echo is the builtin version, so args are not exposed
> to ps(1).
They are exposed in .history or .bash_history. .bash_history is even
created with the user's umask instead of mode 0600. The maintainter
claims this is not a bug. Maybe he'll change his mind if enough other
people (than me) report that as a bug, bug I'm not holding my breath.