[systemd-devel] keyscript support in systemd-cryptsetup
Ryan Castellucci
ryan.castellucci+systemd-devel at gmail.com
Wed Oct 19 21:10:37 UTC 2016
It looks like my use case could be supported with a "Password Agent", and
it seems that it would be possible to wrap the existing keyscript stuff
(though the interface is much more complicated).
How should a password agent be started? Is there a way to disable
particular password agents?
On Wed, Oct 19, 2016 at 3:35 PM, Lennart Poettering <lennart at poettering.net>
wrote:
> On Wed, 19.10.16 15:28, Ryan Castellucci (ryan.castellucci+systemd-deve
> l at gmail.com) wrote:
>
> > Systemd broke a use case that people were actively using, and cryptsetup
> > comes with scripts to support.
>
> Humm, the keyscript thing was a Debian-specific extension. It was
> never supported on systemd or any non-Debian distro. I wouldn't really
> call that breaking... But yeah, we don't support this scheme natively.
>
> > If you won't merge the patch that addresses this, can you explain what
> > needs to be done to support the "use some administrator defined program
> to
> > supply the password" use case that you will merge? Depending on the
> scope,
> > I may be able to write the code. Is there any way this can be done with a
> > wrapper so that people don't have to maintain two versions of their
> > programs?
>
> I don't think the keyscript= concept fits into systemd, sorry. I can
> understand you want this, but all I can suggest is to write a bit of
> glue to make it possible to run keyscript= scripts via the ask
> password logic. It's not too hard, an the API to use is documented here:
>
> https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20161019/ab485b99/attachment.html>
More information about the systemd-devel
mailing list