bionic (8) password-prompt.8mandos.gz

Provided by: mandos-client_1.7.19-1_amd64 bug

NAME
       password-prompt - Prompt for a password and output it.


SYNOPSIS
       password-prompt [--prefix PREFIX | -p PREFIX]
                       [--debug]

       password-prompt {--help | -?}

       password-prompt --usage

       password-prompt {--version | -V}


DESCRIPTION
       All password-prompt does is prompt for a password and output any given password to standard output.

       This program is not very useful on its own. This program is really meant to run as a plugin in the Mandos
       client-side system, where it is used as a fallback and alternative to retrieving passwords from a Mandos
       server.

       This program is little more than a getpass(3) wrapper, although actual use of that function is not
       guaranteed or implied.


OPTIONS
       This program is commonly not invoked from the command line; it is normally started by the Mandos plugin
       runner, see plugin-runner(8mandos). Any command line options this program accepts are therefore normally
       provided by the plugin runner, and not directly.

       --prefix=PREFIX, -p PREFIX
           Prefix string shown before the password prompt.

       --debug
           Enable debug mode. This will enable a lot of output to standard error about what the program is
           doing. The program will still perform all other functions normally.

       --help, -?
           Gives a help message about options and their meanings.

       --usage
           Gives a short usage message.

       --version, -V
           Prints the program version.


EXIT STATUS
       If exit status is 0, the output from the program is the password as it was read. Otherwise, if exit
       status is other than 0, the program has encountered an error, and any output so far could be corrupt
       and/or truncated, and should therefore be ignored.


ENVIRONMENT
       CRYPTTAB_SOURCE, CRYPTTAB_NAME
           If set, these environment variables will be assumed to contain the source device name and the target
           device mapper name, respectively, and will be shown as part of the prompt.

           These variables will normally be inherited from plugin-runner(8mandos), which will normally have
           inherited them from /scripts/local-top/cryptroot in the initial RAM disk environment, which will have
           set them from parsing kernel arguments and /conf/conf.d/cryptroot (also in the initial RAM disk
           environment), which in turn will have been created when the initial RAM disk image was created by
           /usr/share/initramfs-tools/hooks/cryptroot, by extracting the information of the root file system
           from /etc/crypttab.

           This behavior is meant to exactly mirror the behavior of askpass, the default password prompter.


BUGS
       Please report bugs to the Mandos development mailing list: <mandos-dev@recompile.se> (subscription
       required). Note that this list is public. The developers can be reached privately at
       <mandos@recompile.se> (OpenPGP key fingerprint 153A 37F1 0BBA 0435 987F 2C4A 7223 2973 CA34 C2C4 for
       encrypted mail).


EXAMPLE
       Note that normally, command line options will not be given directly, but via options for the Mandos
       plugin-runner(8mandos).

       Normal invocation needs no options:

       password-prompt

       Show a prefix before the prompt; in this case, a host name. It might be useful to be reminded of which
       host needs a password, in case of KVM switches, etc.

       password-prompt --prefix=host.example.org:

       Run in debug mode.

       password-prompt --debug


SECURITY
       On its own, this program is very simple, and does not exactly present any security risks. The one thing
       that could be considered worthy of note is this: This program is meant to be run by plugin-
       runner(8mandos), and will, when run standalone, outside, in a normal environment, immediately output on
       its standard output any presumably secret password it just received. Therefore, when running this program
       standalone (which should never normally be done), take care not to type in any real secret password by
       force of habit, since it would then immediately be shown as output.

       To further alleviate any risk of being locked out of a system, the plugin-runner(8mandos) has a fallback
       mode which does the same thing as this program, only with less features.


SEE ALSO
       intro(8mandos) crypttab(5) mandos-client(8mandos) plugin-runner(8mandos),


       Copyright © 2008-2018 Teddy Hogeborn, Björn Påhlsson

       This manual page is part of Mandos.

       Mandos is free software: you can redistribute it and/or modify it under the terms of the GNU General
       Public License as published by the Free Software Foundation, either version 3 of the License, or (at your
       option) any later version.

       Mandos is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the
       implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
       License for more details.

       You should have received a copy of the GNU General Public License along with Mandos. If not, see
       http://www.gnu.org/licenses/.