[Freeipa-devel] [PATCH] allow password to be sent in via pipe
Rob Crittenden
rcritten at redhat.com
Mon May 4 21:43:39 UTC 2009
Jason Gerard DeRose wrote:
> On Thu, 2009-04-30 at 15:08 -0400, Rob Crittenden wrote:
>> When reading a password, if there is no tty, read from stdin instead.
>>
>> This will allow one to pipe a password in:
>>
>> echo -e "secret123\secret123\n" | ipa password someuser
>>
>> rob
>
> ack, good start.
>
> One thing we might want to change is I don't think you should have to
> provide the password twice from stdin. I think this would be better:
>
> if stdin.isatty():
> # prompt with getpass()
> # prompt again with getpass() to confirm
> else:
> stdin.readline().strip() # Just once
>
> This will make it easier when scripting with ipa (which I assume is when
> this feature would most likely be used).
>
> Also, this use is pretty ambiguous in cases where you have a command
> that has more than one Password param. I don't think we have anything
> like this in IPA yet, but we might down the road.
>
>
Yeah, I thought the double-read was a bit goofy too but it at least gets
us moving in the right direction :-)
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090504/ab83f7bf/attachment.bin>
More information about the Freeipa-devel
mailing list