#4 allow -u and -p to be retrieved from env

closed
SungHun Kim
5
2002-09-23
2001-12-18
No

For the purpose of security, I think it would be
helpful to provide a way to specify the -u and -p
options using the shell environment. This way the
password and username will not show up in a shell
history or process listing.

thanks,

- joe

Discussion

  • SungHun Kim
    SungHun Kim
    2001-12-21

    Logged In: YES
    user_id=206854

    Good iead.

    What environment variable name would be good?
    DAVFS_USER and DAVFS_GROUP?

     
  • SungHun Kim
    SungHun Kim
    2001-12-21

    • assigned_to: nobody --> hunkim
     
  • Logged In: YES
    user_id=358486

    I don't have any preference, but it might worthwhile to
    emulate some other mounted-like filesystem.

    Here is an excerpt from smbclient:

    -U username[%pass]
    Sets the SMB username or username and
    password. If
    %pass is not specified, The user will be
    prompted.
    The client will first check the USER
    environment
    variable, then the LOGNAME variable and if
    either
    exists, the string is uppercased. Anything in
    these
    variables following a '%' sign will be
    treated as
    the password. If these environment variables
    are
    not found, the username GUEST is used.

    If the password is not included in these
    environ?
    ment variables (using the %pass syntax),
    smbclient
    will look for a PASSWD environment variable
    from
    which to read the password.

    A third option is to use a credentials file
    which
    contains the plaintext of the username and
    pass?
    word. This option is mainly provided for
    scripts
    where the admin doesn't wish to pass the
    creden?
    tials on the command line or via environment
    vari?
    ables. If this method is used, make certain
    that
    the permissions on the file restrict access
    from
    unwanted users. See the -A for more details.

    Be cautious about including passwords in
    scripts or
    in the PASSWD environment variable. Also, on
    many
    systems the command line of a running
    process may
    be seen via the ps command to be safe always
    allow
    smbclient to prompt for a password and type
    it in
    directly.

     
  • SungHun Kim
    SungHun Kim
    2002-09-23

    • status: open --> closed