oracular (8) password-prompt.8mandos.gz

Provided by: mandos-client_1.8.17-1_amd64 bug

NAME

       password-prompt - Prompt for a password and output it.

SYNOPSIS

       password-prompt [--prefix PREFIX | -p PREFIX]
                       [--prompt PROMPT] [--debug]

       password-prompt {--help | -?}

       password-prompt --usage

       password-prompt {--version | -V}

DESCRIPTION

       All password-prompt does is prompt for a password and output any given password to
       standard output.

       This program is not very useful on its own. This program is really meant to run as a
       plugin in the Mandos client-side system, where it is used as a fallback and alternative to
       retrieving passwords from a Mandos server.

       This program is little more than a getpass(3) wrapper, although actual use of that
       function is not guaranteed or implied.

       This program tries to detect if a Plymouth daemon (plymouthd(8)) is running, by looking
       for a /run/plymouth/pid file or a process named “plymouthd”. If it is detected, this
       process will immediately exit without doing anything.

OPTIONS

       This program is commonly not invoked from the command line; it is normally started by the
       Mandos plugin runner, see plugin-runner(8mandos). Any command line options this program
       accepts are therefore normally provided by the plugin runner, and not directly.

       --prefix=PREFIX, -p PREFIX
           Prefix string shown before the password prompt.

       --prompt=PROMPT
           The password prompt. Using this option will make this program ignore the
           CRYPTTAB_SOURCE and CRYPTTAB_NAME environment variables.

       --debug
           Enable debug mode. This will enable a lot of output to standard error about what the
           program is doing. The program will still perform all other functions normally.

       --help, -?
           Gives a help message about options and their meanings.

       --usage
           Gives a short usage message.

       --version, -V
           Prints the program version.

EXIT STATUS

       If exit status is 0, the output from the program is the password as it was read.
       Otherwise, if exit status is other than 0, the program has encountered an error, and any
       output so far could be corrupt and/or truncated, and should therefore be ignored.

ENVIRONMENT

       CRYPTTAB_SOURCE, CRYPTTAB_NAME
           If set, and if the --prompt option is not used, these environment variables will be
           assumed to contain the source device name and the target device mapper name,
           respectively, and will be shown as part of the prompt.

           These variables will normally be inherited from plugin-runner(8mandos), which might
           have in turn inherited them from its calling process.

           This behavior is meant to exactly mirror the behavior of askpass, the default password
           prompter from initramfs-tools.

BUGS

       Please report bugs to the Mandos development mailing list: <mandos-dev@recompile.se>
       (subscription required). Note that this list is public. The developers can be reached
       privately at <mandos@recompile.se> (OpenPGP key fingerprint 153A 37F1 0BBA 0435 987F 2C4A
       7223 2973 CA34 C2C4 for encrypted mail).

EXAMPLE

       Note that normally, command line options will not be given directly, but via options for
       the Mandos plugin-runner(8mandos).

       Normal invocation needs no options:

       password-prompt

       Show a prefix before the prompt; in this case, a host name. It might be useful to be
       reminded of which host needs a password, in case of KVM switches, etc.

       password-prompt --prefix=host.example.org:

       Run in debug mode.

       password-prompt --debug

SECURITY

       On its own, this program is very simple, and does not exactly present any security risks.
       The one thing that could be considered worthy of note is this: This program is meant to be
       run by plugin-runner(8mandos), and will, when run standalone, outside, in a normal
       environment, immediately output on its standard output any presumably secret password it
       just received. Therefore, when running this program standalone (which should never
       normally be done), take care not to type in any real secret password by force of habit,
       since it would then immediately be shown as output.

       To further alleviate any risk of being locked out of a system, the plugin-runner(8mandos)
       has a fallback mode which does the same thing as this program, only with less features.

SEE ALSO

       intro(8mandos), mandos-client(8mandos), plugin-runner(8mandos), plymouthd(8)

       Copyright © 2008-2019 Teddy Hogeborn, Björn Påhlsson

       This manual page is part of Mandos.

       Mandos is free software: you can redistribute it and/or modify it under the terms of the
       GNU General Public License as published by the Free Software Foundation, either version 3
       of the License, or (at your option) any later version.

       Mandos is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
       without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
       See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with Mandos. If
       not, see http://www.gnu.org/licenses/.