Skip to content

hydrargyrum/feed-password-daemon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
.gitlab-ci.yml
.gitlab-ci.yml
 
 
COPYING.wtfpl
COPYING.wtfpl
 
 
README.md
README.md
 
 
feed-password-daemon.py
feed-password-daemon.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

feed-password-daemon

When run, feed-password-daemon:

  • takes as arguments: a command that will be wrapped and its arguments
  • reads a password on TTY and caches it
  • then run this forever:
    • waits for SIGUSR1 to be received
    • when SIGUSR1 is received, it runs the wrapped command that was specified as argument
    • waits for a password prompt coming from the wrapped command
    • feeds the cached password to the wrapped command

But why?

Here's an example, concrete use case: vdirsyncer and Thunderbird can both perform periodic remote calendar synchronization (thanks to CalDAV) which is often password-protected. However:

  • being a GUI app, Thunderbird stays open, reads the password at start and caches it in RAM, so it can use the password when needed, without asking it again
  • being a command-line, non-TUI app, vdirsyncer has no means to cache the password and is forced to ask it at every sync (possibly delegating to pass, but the problem still stands)
    • it prevents from syncing when the user is away from keyboard
    • having to enter the password very often is annoying
    • with pass's pinentry GUI, it might train the user to enter their password without knowing which app is asking for it, which is a sloppy habit

This is where feed-password-daemon helps: it will cache the CalDAV password and wrap vdirsyncer to run it when desired and feeds it the password, without asking it again, à la Thunderbird. SIGUSR1 can then be sent on-demand to feed-password-daemon or periodically.

Options

By default the initial password is read from the TTY.

  • --password-from-env=VARIABLE: read password from environment VARIABLE instead of TTY
  • --password-from-file=FILE: read password from FILE instead of TTY
  • --password-from-stdin: read password from stdin instead of TTY
  • --confirm-password: ask the password twice on TTY at startup, to avoid typos

Other:

  • --reply-to-prompt=PROMPT: feed password when PROMPT is found (this is used to detect when the wrapped command requires a password)
  • --pid-file=FILE: write pid of daemon to FILE
  • --check-at-start: run the wrapped command a first time when feed-password-daemon is started, as if SIGUSR1 was received, useful to verify the password validity as quickly as possible
  • --mlock: keep the daemon (not the wrapped command) in RAM and prevent the cached password to end up accidentally in swap

About

No description, website, or topics provided.

Resources

Readme

License

WTFPL license
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Languages