-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
serviceaccount password on command line #30
Comments
Looks like from the code, maybe all I have to do is supply /p and then type the password on stdin. Will experiment with that, but still; updating the readme to document this would be nice! |
Are you thinking something like just an AES encryption? |
No I wasn't. I was really just thinking about passing the credentials on the command line so they are just around transiently (as opposed to stored in the XML.) That was before I saw there was a /p option, although it's a bit clunky and undocumented. |
Adding documentation is easy, but what is clunky about it? |
It's just clunky for me to implement correctly that's all - everything else is fine about it. (I'm coming from the context of wrapping winsw with a nodejs program (See https://github.com/arthurblake/node-windows) that invokes winsw to do what it needs-- it can invoke it in several different ways, and it's clunky for me to have to grab stdin and pass the password in that way as opposed to just passing it as a command line arg, (not impossible, just clunky.) I would prefer if it was implemented like other MS commands (like net use, etc.) where your can pass /u /p right on command line although I can understand others might consider that less secure. |
I think it's actually and still reasonable for some cases |
Interesting. I had also searched for a option to give the login password for the service accont on cmd while installing the service. /p helped me out (but also asked for username and logon behaviour). It would be nice to have this information in the install guide (or how to get those "hidden" flags on cmd /? or --help does not print out the option). |
Can you please inform me what is the state of this issue? |
The Lines 54 to 55 in ea6cb80
Bear in mind that More arguments can be implemented as part of #433. |
I did't like the /p option, I made a little workaround, by writing the service config twice, first one time with password, I use that for installing the service, then I let my installer write the config file again without the password. It works fine for start, stop, status and uninstall |
@HackerBaloo I have done the same. The ugly thing about this solution: You really should ensure to not leave the password for the service account in the configuration file. Then a "hacker" or ugly user can read the password of your service account. |
I'm having this problem today. When delivering a package I have to make sure to remove the xml file or limit read, or some other absurd stuff. I can't have a password in text laying around. |
If you are prepared to use the development version, I think it is possible already. |
The only thing holding me back in using the 'dev' version, is it's release in Maven/Jenkings Repo. |
I am struggling with the security problems of passing logon credentials in clear text in the xml (under serviceaccount element) and would prefer a way to pass the credentials directly on the command line... (when installing service.)
I saw that issue #19 may address this, but cannot find exact usage information on that. Could you document basic usage of that feature?
The text was updated successfully, but these errors were encountered: