Re: tramp-auto-auth.el --- TRAMP automatic authentication library

["Bruno Félix Rezende Ribeiro" <oitofelix@gnu.org>]

[-- Attachment #1: Type: text/plain, Size: 2384 bytes --]

Hello Michael and other GNU Emacs developers,

Thanks for your reply.

Michael Albinus <michael.albinus@gmx.de> writes:

> Frankly, I'm not enthusiastic adding cleartext passwords into
> Tramp. This has all the security flaws you know, and is good for
> problems. At least in core Tramp it shouldn't be propagated.

Please, find attached the implementation of tramp-auto-auth.el using
exclusively the auth-source library.

I did as you suggested except that I didn’t add a new keyword nor made
any change to auth-source.el.

Quoting from the commentary section:

   When a TRAMP prompt is encountered, ‘tramp-auto-auth-mode’ queries
   the alist ‘tramp-auto-auth-alist’ for the auth-source spec value
   whose regexp key matches the correspondent TRAMP path.  This spec
   is then used to query the auth-source library for a presumably
   phony entry exclusively dedicated to the whole class of TRAMP
   paths matching that regexp.

   To make use of the automatic authentication feature, on the Lisp
   side the variable ‘tramp-auto-auth-alist’ must be customized to
   hold the path regexps and their respective auth-source specs, and
   then ‘tramp-auto-auth-mode’ must be enabled.  For example:

   ---- ~/.emacs.el -------------------------------------------------
   (require 'tramp-auto-auth)

   (add-to-list
    'tramp-auto-auth-alist
    '("root@10\\.0\\." .
      (:host "Funny-Machines" :user "root" :port "ssh")))

   (tramp-auto-auth-mode)
   ------------------------------------------------------------------

   After this, just put the respective sacred secret in an
   authentication source supported by auth-source library.  For
   instance:

   ---- ~/.authinfo.gpg ---------------------------------------------
   machine Funny-Machines login root password "$r00tP#sWD!" port ssh
   ------------------------------------------------------------------

   In case you are feeling lazy or the secret is not so secret (nor so
   sacred) -- or for any reason you need to do it all from Lisp --
   it’s enough to:

   (auth-source-remember '(:host "Funny-Machines" :user "root" :port "ssh")
   		         '((:secret "$r00tP#sWD!")))

   And happy TRAMPing!


Is this feature in this form suitable for inclusion in the TRAMP
standard distribution?

Please, let me know what you think.


[-- Attachment #2: tramp-auto-auth.el --]
[-- Type: application/emacs-lisp, Size: 6584 bytes --]

[-- Attachment #3: Type: text/plain, Size: 257 bytes --]



-- 
 88888  FFFFF Bruno Félix Rezende Ribeiro (oitofelix) [0x28D618AF]
 8   8  F     http://oitofelix.freeshell.org/
 88888  FFFF  mailto:oitofelix@gnu.org
 8   8  F     irc://chat.freenode.org/oitofelix
 88888  F     xmpp://oitofelix@riseup.net