From: Mario Lang <mlang@delysid.org>
To: "Kai Großjohann" <kai.grossjohann@gmx.net>,
"Michael Albinus" <michael.albinus@gmx.de>
Cc: emacs-devel@gnu.org
Subject: tramp.el: remote processes and password-cache
Date: Wed, 05 Mar 2014 23:41:51 +0100 [thread overview]
Message-ID: <87iorsnu8g.fsf@fx.delysid.org> (raw)
Hi.
Playing with remote processes in eshell I stumbled across
unexpected behaviour. I have tried several methods, including scpc to
make sure that ControlMaster would be used, and as far as I can tell, it
is being used for normal TRAMP operations, since I do only have to enter
my password once. However, when invoking a remote process, I am always
being reasked for a password, even if I invoke several remote processes
in a row. I had expected `password-cache-expiry' to have an effect, but
it did not. Digging through the code I found this call to
`password-cache-remove' in `tramp-read-passwd', and yes, removing the
call does solve my problem. If I invoke several remote
processes in a row, my setting of `password-cache-expiry' is actually
honored and the password is cached. I am sort of confused about this
code though. As far as I can tell, removing the clearing of the cache
entry does not impose any security problems, since the password has been
cached previously already. We just stop removing the
cache entry before it could actually get used. However, I get the
feeling this piece of code used to do something useful. All I can tell
from here is that removing it solves a bug I observe. I'd actually like
to see `password-cache-expiry' to be taken into account for remote
processes.
If this is to prevent failing authentification due to changed passwords,
I think the default setting of `password-cache-expiry' is still
low enough to allow for removing of the cache clearing without
a lot of user problems. If a user chooses to configure a much higher
cache expiry time they should be aware of that (rather rare?) problem
anyways.
Can you comment on this issue please?
--- a/lisp/net/tramp.el
+++ b/lisp/net/tramp.el
@@ -4131,9 +4131,6 @@ Invokes `password-read' if available, `read-passwd' else."
"password" tramp-current-host tramp-current-method)))
;; Try the password cache.
(when (functionp 'password-read)
- (unless (tramp-get-connection-property
- v "first-password-request" nil)
- (tramp-compat-funcall 'password-cache-remove key))
(let ((password
(tramp-compat-funcall 'password-read pw-prompt key)))
(tramp-compat-funcall 'password-cache-add key password)
--
CYa,
⡍⠁⠗⠊⠕
next reply other threads:[~2014-03-05 22:41 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-05 22:41 Mario Lang [this message]
2014-03-06 10:03 ` tramp.el: remote processes and password-cache Michael Albinus
2014-03-06 13:30 ` Michael Albinus
2014-03-06 16:57 ` Mario Lang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87iorsnu8g.fsf@fx.delysid.org \
--to=mlang@delysid.org \
--cc=emacs-devel@gnu.org \
--cc=kai.grossjohann@gmx.net \
--cc=michael.albinus@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).