Re: libgnomesu [was Re: Proposed modules: my consensus so far]

[Hongli Lai <h lai chello nl>]

Shahms King wrote:
> This is true for sudo, but not ssh.  ssh usually reads the password from
> stdin, but can also be told to execute an arbitrary program:
> SSH_ASKPASS
>    If ssh needs a passphrase, it will read the passphrase from the 
>    current terminal if it was run from a terminal.  If ssh does not   
>    have a terminal associated with it but DISPLAY and SSH_ASKPASS are 
>    set, it will execute the program specified by SSH_ASKPASS and open
>    an X11 window to read the passphrase.  This is particularly useful 
>    when calling ssh from a .Xsession or related script.  (Note that on 
>    some machines it may be necessary to redirect the input 
>    from /dev/null to make this work.)

Notice the "does not have a terminal" part. I tried about anything to 
make it think it doesn't have a terminal (closing stdin/stdout, etc.), 
but nothing worked.


> Regardless, ssh can be told to read its passphrase from something other
> than the controlling terminal.  sudo, however, has no option or
> environment variable for telling it to read the password from somewhere
> else, although I imagine a patch to do so wouldn't be terribly
> difficult.

It does, it has an option for reading from stdin. But that still leaves 
the output, just like ssh. There is no way to tell whether the 
authentication succeeded, other than to read the output.