On 09/30/2014 02:26 PM, Tom Gundersen wrote:
On Wed, Sep 17, 2014 at 2:26 PM, David Sommerseth <dav...@redhat.com> wrote:
I've been playing with the systemd feature enabled in OpenVPN. And I
propose this change to systemd-ask-password to avoid masking usernames.
I tried looking for alternative ways querying for usernames through
systemd without finding a good solution.
This patch has been tested locally on a slightly modified OpenVPN build
which calls systemd-ask-password with --do-echo when it queries the user
for usernames.
If there are better ways how to solve this, please let me know and I'll
go that path instead.
Similar comments to the other patch (not sure whether or not this api
extensions should be done or not), but for the patch itself I suggest
using --echo, rather than --do-echo, and I guess we need to update the
manpage.
Hmm will this make that password visible to anyone who can watch the
user monitor?
If that is the case then this is an bad practice since nothing should
ever echo the input for passwords in cleartext thus making it visible on
the end user monitor or store the password itself in cleartext in the
journal ( was that checked? ) and this wont pass any kind of audit
compliance administrators and users might have to comply to in their
infrastructure...
JBG
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
