From: Michael Albinus
Newsgroups: gmane.emacs.devel
Subject: Re: tramp-auto-auth.el --- TRAMP automatic authentication library
Date: Tue, 27 Aug 2019 12:12:15 +0200
Message-ID: <87woeyudc0.fsf@gmx.de>
References: <877e74skek.fsf@oitofelix.com>
To: Bruno Félix Rezende Ribeiro
Cc: emacs-devel@gnu.org

Bruno Félix Rezende Ribeiro writes:

> Hello Emacs developers,

Hi Bruno,

> Please, find attached ‘tramp-auto-auth.el’. Quoting from its commentary
> header section:
>
> This library provides ‘tramp-auto-auth-mode’: a global minor mode
> whose purpose is to automatically feed TRAMP sub-processes with
> passwords for paths matching regexps. This is useful in situations
> where interactive user input is not desirable or feasible. For
> instance, in sub-nets with large number of hosts or whose hosts have
> dynamic IPs assigned to them. In those cases it’s not practical to
> query passwords using the ‘auth-source’ library, since this would
> require each host to be listed explicitly and immutably in a Netrc
> file. Another scenario where this mode is useful are non-interactive
> Emacs sessions (like those used for batch processing or by evaluating
> ‘:async’ Org Babel source blocks) in which it’s impossible for the
> user to answer a password-asking prompt.

Thanks for this. Frankly, I'm not enthusiastic about adding cleartext
passwords into Tramp. This has all the security flaws you know, and is
good for problems. At least in core Tramp it shouldn't be propagated.

> This library has proved extremely useful for my work using Emacs to
> access remote machines in the aforementioned conditions and whose
> authentication policies I couldn’t change. For quite some time, I’ve
> searched extensively for ways of accomplishing the same task with a
> practical setup, to no avail. Perhaps you could comment on alternative
> approaches you had experience with but I failed to contemplate.

Emacs has the password infrastructure auth-source.el and
password-cache.el, which do their best to avoid password-related
problems. If they do not fit your needs, they shall be extended.

The best approach would be if auth-source would support regular
expressions for the declarations of items. Instead of declaring

     machine MYMACHINE login MYLOGINNAME password MYPASSWORD port MYPORT

one would declare something like

     machine-regexp REGEXP login MYLOGINNAME password MYPASSWORD port MYPORT

I have used the netrc syntax, and I have added a new keyword; but any
other backend shall work also. I've shortly scanned debbugs; there
doesn't exist (yet) a request to support regular expressions. Maybe you
write a bug report about it?

Another approach could be to use different Tramp methods. You could
declare

     password MYPASSWORD port method1
     password OTHERPASSWORD port method2

In Tramp, you would declare new methods method1 and method2, derived
from (for example) ssh. Then you can open /method1:host:/path/to/file
for a host which uses MYPASSWORD, and you can open
/method2:otherhost:/path/to/file for a host which uses OTHERPASSWORD.

> Thanks in advance,
> Bruno

Best regards, Michael.
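
The second approach in the message above (Tramp methods derived from ssh, with the method name in the netrc port field), as an added example that is not part of the original mail or of Tramp itself; the `my/` names and the choice of `~/.authinfo.gpg` as the only auth source are assumptions. The check function reports which entry auth-source returns for a method and host without returning the secret, so the entries can be verified before any connection is attempted.

```emacs-lisp
;;; Added example, not part of the original message or of Tramp.
;;; Names prefixed `my/' are hypothetical; method1/method2 are the
;;; method names used in the message.
(require 'tramp-sh)      ; defines the "ssh" entry in `tramp-methods'
(require 'auth-source)

;; Assumption: secrets live only in a GPG-encrypted netrc file, so no
;; cleartext password file is consulted.
(setq auth-sources '("~/.authinfo.gpg"))

(defun my/tramp-derive-method (name parent)
  "Register Tramp method NAME with a copy of PARENT's parameters."
  (let ((params (cdr (assoc parent tramp-methods))))
    (unless params
      (error "Unknown parent Tramp method: %s" parent))
    (unless (assoc name tramp-methods)
      (add-to-list 'tramp-methods (cons name (copy-tree params))))
    name))

(my/tramp-derive-method "method1" "ssh")
(my/tramp-derive-method "method2" "ssh")

(defun my/tramp-auth-check (method host)
  "Report which auth-source entry matches METHOD and HOST.
Tramp passes the method name as the auth-source port, so the same
search is done here.  The secret itself is never returned."
  (let ((hit (car (auth-source-search :max 1 :host host :port method
                                      :require '(:secret)))))
    (if hit
        (list :method method
              :host (plist-get hit :host)
              :user (plist-get hit :user)
              :has-secret t)
      (list :method method :host host :has-secret nil))))

;; Host names as in the message; evaluate after adding the entries
;; to the encrypted file.
;; (my/tramp-auth-check "method1" "host")
;; (my/tramp-auth-check "method2" "otherhost")
```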