Discussion:
systemd-ask-password and kernel keyring
(too old to reply)
Sietse van Zanen
2018-11-14 11:38:09 UTC
Permalink
According to man:

--keyname=
Configure a kernel keyring key name to use as cache for the password. If set, then the tool will try to push any collected passwords into the
kernel keyring of the root user


Why only for user root and not the user running systemd-ask-password?

I am working on a project where a user will run a keyserver. currently I do the keyctl add etc manually, but it would be much nicer is system-ask-password could use the user's keyring.


-Sietse
Lennart Poettering
2018-11-14 15:44:00 UTC
Permalink
Post by Sietse van Zanen
--keyname=
Configure a kernel keyring key name to use as cache for the password. If set, then the tool will try to push any collected passwords into the
kernel keyring of the root user
Why only for user root and not the user running
systemd-ask-password?
The whole "systemd-ask-password" concept was created with HDD
passwords in mind, i.e. system stuff. We could of course extend the
logic to also support unprivileged user stuff, and this has been
requested before, but so far nobody sent a patch updating things for
this purpose.

Lennart
--
Lennart Poettering, Red Hat
Ryan Gonzalez
2018-11-15 04:42:52 UTC
Permalink
What would a patch look like? A --user that instead saves it to the user's
active secret service?

--
Ryan (ラむアン)
Yoko Shimomura, ryo (supercell/EGOIST), Hiroyuki Sawano >> everyone else
https://refi64.com/
Post by Sietse van Zanen
Post by Sietse van Zanen
--keyname=
Configure a kernel keyring key name to use as cache for the
password. If set, then the tool will try to push any collected passwords
into the
Post by Sietse van Zanen
kernel keyring of the root user
Why only for user root and not the user running
systemd-ask-password?
The whole "systemd-ask-password" concept was created with HDD
passwords in mind, i.e. system stuff. We could of course extend the
logic to also support unprivileged user stuff, and this has been
requested before, but so far nobody sent a patch updating things for
this purpose.
Lennart
--
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Continue reading on narkive:
Loading...