[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Patch to make 'ldapmodify -WW' read password from stdin

At 12:39 AM 2002-08-14, Hallvard B Furuseth wrote:
>If I run ldapmodify from a script, I don't want to use '-W password'
>because the password shows up in the output of 'ps' for everyone,
>and I can't pipe the password to 'ldapmodify -w' because -w uses
>getpassphrase() which reads from the tty instead of stdin.
>So I added '-WW' which reads the password from stdin without prompting.
>An alternate way would be to check if stdin is the tty, use
>getpassphrase() if it is, and read from stdin (maybe with a prompt) if
>not.  Which way is better?

Have -ww take an argument which is a file containing the secret?
with checks for unsafe file permissions?

>The patch is at <http://folk.uio.no/hbf/OpenLDAP/passwd-stdin.txt>.