Re: libgnomesu [was Re: Proposed modules: my consensus so far]
- From: Hongli Lai <h lai chello nl>
- To: Carlos Garnacho <carlos_garnacho yahoo es>
- Cc: Mark McLoughlin <markmc redhat com>, Nalin Dahyabhai <nalin redhat com>, Desktop Devel <desktop-devel-list gnome org>
- Subject: Re: libgnomesu [was Re: Proposed modules: my consensus so far]
- Date: Wed, 24 Nov 2004 18:30:20 +0100
Carlos Garnacho wrote:
However, even knowing how hard is to implement
_with_pipes (and I know it, I've reimplemented this
part in GST some times, plus my system-auth-agent
try), I consider its lack in libgnomesu a showstopper,
as GST *needs* it for communicating with the backends
We have two alternatives:
1. Turn libgnomesu into an authentication library instead of an
authentication *wrapper* library. This way I have full control over the
setuid binaries, and I can implement pipe support.
Downsides:
- sudo and ssh support will never be possible.
2. Modify sudo, ssh, etc. so they can read the password from and provide
status information to something other than the console or stdin/stdout.
Downsides/issues:
- Current generation distributions do not include it, and probably never
will (they usually only provide bugfix releases for packages). It will
take some time before people have these new versions.
- Will the sudo/ssh authors support this?
- What about other Unices? Is there only one sudo, or does each Unix has
its own sudo?
- I've researched using $SSH_ASKPASS, but it just doesn't work well,
unfortunately.
Or: just don't use libgnomesu in GST. Only use it in apps that don't
need ssh remote authentication.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
