-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Password prompt goes to stdout #3
Comments
Confirmed this is an issue. Trying to find the proper PAM documentation to direct the prompt to stderr. |
This issue has been fixed (or at least worked around) in the latest commit: cef2929 The password prompt is now displayed on stderr and the target command's output is written to stdout. At least it's working for me, would like to get it tested before I send update the FreeBSD port. |
While it solves the problem I initially reported it still has another one. Redirecting stderr has the same problem. On OpenBSD AFAICT su(1) solves this by using |
I tried using ttyname and pam_set_item the way su does yesterday. It didn't work. Depending on where the call is made, I either ended up with the password prompt in stdout or no visible password prompt at all. You said ls &> ls.out put the password prompt in the output, but that is what I would consider expected behaviour considering the command. I mean that is what I would want to happen if I ran doas ls &> ls.out. |
Workaround for issue #3: hide stdin from openpam_ttyconv
It should go to stderr, so that e.g.
doas ls > ls.out
works andls.out
does not contain thePassword:
prompt. OpenBSD's doas does the right thing here.I think this can be setup with PAM somehow, so this is likely related to #2.
The text was updated successfully, but these errors were encountered: