[dev] Application credentials input API (non-OS related)

From: Ciprian Dorin Craciun <ciprian.craciun_AT_gmail.com>
Date: Sun, 13 Mar 2011 17:31:53 +0200

    Hello all!

    I would like to ask the Suckless community about how they
generally solve -- or would like to solve -- the problem of user
credentials input in their applications. To be more clear, I'm not
referring to actually authenticating / authorizing users (i.e.
checking the credentials for correctness), but just about how an
application obtains the credentials from the users. For example let's
say that we build a chat application that needs to have the user's
credentials (i.e. username / password) so it can pass them -- plain text
or a cryptographic transformation -- to the server; but how does the
application ask the user for such credentials?

    My main questions are about:
    a) what kind of API would the developer expect to have? (is there
such an API already?)
    b) what kind of method should actually be used? (read it from TTY,
spawn a reader process, etc?)

    For example I'm aware of a couple of existing methods -- some are
pretty good solutions, some are just hacks -- but none of them has
something which resembles an API:
    * for example some applications check the `*_ASKPASS` environment
variable (or another argument) and execute that application passing in
some unstructured text, and receiving unstructured text (by
unstructured text I mean it can't be reliably processed to
automatically provide the correct password (by looking up in a
database for example), and we can't input two elements at the same
time as username and password);
    * Plan9's Factotum, which exposes a pretty good protocol, but is
not used in either Linux or other Linux-targeting projects; (there is
only a login prototype);
    * systemd's password agents, which come up with a more Linux-ish
"fs-oriented protocol", but which again don't offer any API.
    Any ideas, proposals?

    P.S.: I'm interested in this because until now the only "password
manager" that I can trust to use are GPG-encrypted text files, which
I'm decrypting when I need them, and then I copy-paste the information
manually. (Actually I've recently created a tool that "generates" X
events to eliminate the copy-pasting.) But I would be happier if there
were a more "sane" solution for this problem -- like PAM solves
for user login.
Received on Sun Mar 13 2011 - 16:31:53 CET
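
The `*_ASKPASS` convention mentioned in the message above, as an added example that is not part of the original post or of any project it names: the helper is executed with the prompt as its only argument and its first line of output is taken as the secret. The function name `askpass` and the variable name `CHAT_ASKPASS` are made up for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run the helper named by environment variable `var` (here the made-up
 * CHAT_ASKPASS) with the prompt as argv[1]; copy the first line of its
 * stdout into buf. Returns the length, or -1 if unset or the helper failed. */
ssize_t askpass(const char *var, const char *prompt, char *buf, size_t cap)
{
    const char *helper = getenv(var);
    int fd[2], st;
    size_t n = 0;
    ssize_t r;
    if (!helper || !*helper || cap < 2 || pipe(fd) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {
        /* Child: stdout -> pipe; execl() uses no shell, prompt is plain data. */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        execl(helper, helper, prompt, (char *)NULL);
        _exit(127);
    }
    close(fd[1]);
    while (n < cap - 1 && (r = read(fd[0], buf + n, cap - 1 - n)) > 0)
        n += (size_t)r;
    close(fd[0]);   /* a helper still writing now gets SIGPIPE/EPIPE */
    buf[n] = '\0';
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) != 0) {
        memset(buf, 0, cap);          /* do not leave partial output behind */
        return -1;
    }
    /* The reply is one unstructured line: there is no field for a username. */
    buf[strcspn(buf, "\r\n")] = '\0';
    return (ssize_t)strlen(buf);
}

int main(void)
{
    char pw[128];
    ssize_t n = askpass("CHAT_ASKPASS", "Password for chat server: ", pw, sizeof pw);
    if (n < 0) { fputs("no usable askpass helper\n", stderr); return 1; }
    printf("got %zd bytes from helper\n", n);
    return 0;
}
```

Because the helper sees only free-form prompt text and returns one line, a password store behind it has to guess which account is meant, which is the limitation the message describes.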

