[systemd-devel] Password agent for user services
mkoutny at suse.com
Mon May 13 18:30:36 UTC 2019
I was pondering a user service that would ask for password via the
password agent infrastructure (as there is
systemd-gnome-ask-password-agent it could be quite integrated with the
desktop environment) as an alternative to saving it in (Gnome) keyring.
Naïve experiment with
> ExecStart=/usr/bin/systemd-ask-password "What is your pwd?"
> May 13 19:49:56 host systemd-ask-password: Failed to query password: Permission denied
Then I read about the password agent API  and realized that poor
agent cannot create the notification file in the watched directory. I
also noticed the auxiliary agent is not spawned for user services .
I'm not that familiar with policy-kit, however, IIUC, it is possible to
ask unprivileged systemd-gnome-ask-password-agent to provide a password
for system service. Is that correct?
What would then prohibit making /run/systemd/ask-password world writable
to allow unprivileged users to ask for a password?
(I understand the interface is so crude so that it works at early boot
stages w/out DBus. For the user requests it would perhaps make sense to
make have a parallel DBus API.)
Or is there an alternative approach to query interactively passwords for
user services (e.g. already existing user service that could queried via
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: Digital signature
More information about the systemd-devel