zdave / openconnect-gp-okta

OpenConnect wrapper which logs into a GlobalProtect gateway, authenticating with Okta

Use keyring to get password #13

Open flying-sheep opened 2 years ago

flying-sheep commented 2 years ago

Hi, I thought it would be nice to save the password safely instead of passing it in plain text (even though 2FA is still active).

Is there a point where we know login was successful, but the main loop of openconnect hasn’t been entered yet?

Alternatively we could save the password when a SIGTERM is happening …

zdave commented 2 years ago

I'm not entirely sure what you mean, sorry. Could you clarify?

If you're referring to the --password option I agree that isn't great; command lines are generally visible to all users, so if you use this, your password will probably be visible to everyone else on the machine. Perhaps an option to accept the password on stdin would work, like openconnect's --passwd-on-stdin.

ALescouet commented 1 year ago

Hi, I would also be interested in this behavior. Would you accept a PR which takes a passwd-cmd option which, when executed, produces a line of text which is used as the password? This is, from what I have seen, a common way of addressing such issues.

This can also be extended by reading from a configuration file; would you take a PR for that too? I can open a separate issue.

I currently have a somewhat WIP branch with both these changes that I could clean and submit in case this is fine with you.
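Added example, not part of the thread and not code from openconnect-gp-okta or from any participant's branch: a sketch of the two alternatives to `--password` raised above, a password read from stdin and a password command whose first output line is the password. All function and parameter names (`resolve_password`, `passwd_cmd`, `on_stdin`, and so on) are hypothetical.

```python
import shlex
import subprocess
import sys


class PasswordSourceError(Exception):
    """No usable password could be obtained."""


def first_line(text):
    """Return the first line of text without its line terminator."""
    return text.split("\n", 1)[0].rstrip("\r")


def password_from_cmd(command, timeout=30):
    """Run command without a shell; its first stdout line is the password."""
    argv = shlex.split(command)
    if not argv:
        raise PasswordSourceError("empty password command")
    try:
        proc = subprocess.run(argv, stdin=subprocess.DEVNULL, capture_output=True,
                              text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired) as exc:
        raise PasswordSourceError(f"password command failed: {type(exc).__name__}") from None
    if proc.returncode != 0:
        # Never echo stdout in the error: it may hold part of the secret.
        raise PasswordSourceError(f"password command exited with {proc.returncode}")
    password = first_line(proc.stdout)
    if not password:
        raise PasswordSourceError("password command produced no output")
    return password


def password_from_stdin(stream=None):
    """Read one line from stdin (or a supplied stream) as the password."""
    stream = sys.stdin if stream is None else stream
    password = first_line(stream.readline())
    if not password:
        raise PasswordSourceError("no password on stdin")
    return password


def resolve_password(passwd_cmd=None, on_stdin=False, stream=None):
    """Pick exactly one source; there is deliberately no argv-password path."""
    if bool(passwd_cmd) == bool(on_stdin):
        raise PasswordSourceError("configure exactly one password source")
    if passwd_cmd:
        return password_from_cmd(passwd_cmd)
    return password_from_stdin(stream)
```

The command string is split with `shlex` and executed without a shell, so the password command's own arguments are visible in the process list but the password itself never is.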