help-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TRAMP sudo method not asking for password


From: Michael Albinus
Subject: Re: TRAMP sudo method not asking for password
Date: Sat, 12 Jan 2019 19:44:28 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

Marcin Borkowski <address@hidden> writes:

Hi all,

>>> I have a very strange problem: the TRAMP sudo method stopped asking me
>>> for the password.  How is that possible?  sudo in terminal behaves
>>> normally, so it cannot be some global setting I messed up.
>>>
>>> emacs -Q does TRT, i.e., asks for the password.
>>>
>>> I understand that I can bisect my init.el, but it is almost 2 klines
>>> long, so before I do that, I'd like to ask - maybe someone will know the
>>> answer off the top of their head?
>>>
>>> Note: deleting ~/.emacs.d/tramp didn't help.
>
> I found it!
>
> My passwords were cached in ~/.authinfo.  After cleaning it, TRAMP asks
> me the password again.
>
> Now, this file is only mentioned once in the Emacs manual, and in
> a different context.  I think not having it even mentioned in some other
> place is a serious security bug in the docs.  Am I correct?  If so, I'll
> gladly file a bug report.  (I won't try to fix it myself since I do not
> know enough to be sure I'm doing it right.)

In general, your password is written to .authinfo on demand only. That
is, either you add a respective line, or you confirm that the
auth-sources adds this once you have entered it interactively.

The latter feature has been added to Tramp some weeks ago in Emacs 27
(don't remember the commit date). But Tramp asks you for confirmation,
whether you agree to add the password to your .authinfo. So you have
answered "y"; likely by accident, w/o reading the question carefully.

And this IS documented. etc/NEWS says in the Tramp section

--8<---------------cut here---------------start------------->8---
*** Validated passwords are saved by auth-source backends which support this.
--8<---------------cut here---------------end--------------->8---

And in the Tramp manual, there is in (info "(tramp) Password handling")

--8<---------------cut here---------------start------------->8---
   If there doesn’t exist a proper entry, the password is read
interactively.  After successful login (verification of the password),
it is offered to save a corresponding entry for further use by
‘auth-source’ backends which support this.  This could be changed by
setting the user option ‘auth-source-save-behavior’ to ‘nil’.
--8<---------------cut here---------------end--------------->8---

> Best,

Best regards, Michael.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]