[prev in list] [next in list] [prev in thread] [next in thread]
List: openldap-bugs
Subject: Re: Patch: 'ldapmodify -y file' reads password from file (ITS#2031)
From: h.b.furuseth () usit ! uio ! no
Date: 2002-08-30 14:46:31
[Download RAW message or body]
Kurt D. Zeilenga writes:
> One of the nice things about using the whole contents of a file
> is that one can use dd if=/dev/random of=/srv/passwd to create
> a password file and use userPassword:< file:///srv/passwd to add
> it to the directory and use -y in scripts.
You can still do that if the terminating newline, if any, is
considered insignificant.
> For those who want to use it for simple passwords, the
> file can easily be created using:
> echo -n 'secret' > /srv/passwd
I.e. you have to know Unix in order to create this file:-(
OTOH, the file can not be created using vi, which silently adds
a newline. Nor with emacs if `require-final-newline' is t.
I think we'd see pleny of error reports from people who have put
the password in a file as specified but can't get it to work.
> where echo is the builtin version, so args are not exposed
> to ps(1).
They are exposed in .history or .bash_history. .bash_history is even
created with the user's umask instead of mode 0600. The maintainter
claims this is not a bug. Maybe he'll change his mind if enough other
people (than me) report that as a bug, bug I'm not holding my breath.
--
Hallvard
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic