Hi,
i have a question regarding the --askpass option.
I think the username and hostname in the argument vector would be useful for some applications. Is this a bad idea?
BTW, why does lsh write the prompt string in argv[1]?
Regards Georg Sauthoff
Georg Sauthoff gsauthof@TechFak.Uni-Bielefeld.DE writes:
I think the username and hostname in the argument vector would be useful for some applications. Is this a bad idea?
It might be useful (do you have any example scenarios?), but doesn't quite fit with the internal interface that the askpass feature uses.
BTW, why does lsh write the prompt string in argv[1]?
The idea is that the askpass program can be used to ask for any secret information. The point of the prompt string is to give the user some clue about what's being asked.
Next, the idea of the askpass feature is to let an external program take care of this part of the user interaction. It might display the prompt on the terminal, but it might just as well open an X window and display it in the window title, or whatever. That's why lsh passes the prompt to the askpass program, and putting it on the command lined seemed like the simplest way to do that.
Regards, /Niels
On Mon, Jan 24, 2005 at 07:23:00PM +0100, Niels Möller wrote:
Georg Sauthoff gsauthof@TechFak.Uni-Bielefeld.DE writes:
Hi,
I think the username and hostname in the argument vector would be useful for some applications. Is this a bad idea?
It might be useful (do you have any example scenarios?), but doesn't
yes. I think of a password agent, which caches different passwords for different accounts (i.e. hosts + usernames).
quite fit with the internal interface that the askpass feature uses.
Hm, too bad ...
Regards Georg Sauthoff
Georg Sauthoff gsauthof@TechFak.Uni-Bielefeld.DE writes:
It might be useful (do you have any example scenarios?), but doesn't
yes. I think of a password agent, which caches different passwords for different accounts (i.e. hosts + usernames).
Hmm, I wouldn't recommend using the askpass feature for that, it seems like a too fuzzy interface; it's an interface for humans, not machines. Implementing a public key agent (or using an unencrypted public key, if that is acceptable in the given context) seems more robust.
If you really want to, you could add the hostname string to the prompt, so you get
"Password for nisse@some.host.example.com: "
Feel free to record an "enhancement" bug report at bugzilla.lysator.liu.se if you would like to have that, so that it isn't forgotten.
Regards, /Niels
On 27 Jan 2005 14:18:34 +0100, Niels Möller said:
machines. Implementing a public key agent (or using an unencrypted public key, if that is acceptable in the given context) seems more robust.
gnupg 1.9 comes with such an agent and the protocol is fairly easy. Shouldn't be too hard to add it to lsh. The latest cvs version even speaks the ssh-agent protocol directly.
Shalom-Salam,
Werner