Bug 102434 - can't get password prompt on tty in vnc-4.0-0.beta3.5.1
Summary: can't get password prompt on tty in vnc-4.0-0.beta3.5.1
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: vnc
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Adam Tkac
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-08-15 00:42 UTC by Jonathan Kamens
Modified: 2013-04-30 23:33 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-10-24 07:51:26 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
new option -passwdInput. type -passwdInput=true to get passwd on stdin (1.92 KB, patch)
2006-10-10 08:06 UTC, Adam Tkac
no flags Details | Diff
recreated patch for src 4-1_1_2 (2.06 KB, patch)
2006-10-18 08:26 UTC, Adam Tkac
no flags Details | Diff

Description Jonathan Kamens 2003-08-15 00:42:08 UTC
I have several expect scripts which run vncviewer and interact with it to send
the password to it.  In the new Raw Hide version of vnc, 4.0-0.beta3.5.1,
vncviewer now prompts for the password with a window instead of in the tty from
which it was run.  There is no way to disable this behavior.  There should be a
way to tell vncviewer to prompt for a password on the tty so that scripts which
rely on being able to send a password to vncviewer will continue to work (albeit
perhaps with mods to add the command-line option to toggle the tty-prompting
behavior).

In other words, in my mind this enhancement is actually a regression in
functionality.

Comment 1 Tim Waugh 2003-08-15 08:54:55 UTC
I think you can script passwords into vncviewer using vncpasswd to create a
password file and then specifying 'passwd=[file]' on the vncviewer command line.
 But vncpasswd is in the vnc-server package.

Would you like to suggest an option name for telling vncviewer to read the
password from its tty?

Comment 2 Jonathan Kamens 2003-08-15 13:05:44 UTC
Yes, that's what I ended up doing (vncpasswd), but it's far from an ideal 
solution, since it requires significant modifications to the calling script (as 
opposed to simply adding a command-line option to the vncviewer invocation to 
get tty prompting back) and since it requires exposing password information in  
a file.

I don't really care what the command-line option to get tty prompting is, as 
long as there is one :-).


Comment 3 Tim Waugh 2003-08-15 13:46:09 UTC
Why does using passwd=file require exposing password information in a file any
more than putting it in an expect script?

Comment 4 Jonathan Kamens 2003-08-15 15:01:28 UTC
I don't have the password hard-coded in the expect script.  I prompt the user 
for it and then pass it along to vncviewer.


Comment 5 Tim Waugh 2003-08-15 15:06:10 UTC
You could do the same with vncpasswd though, couldn't you?

Comment 6 Jonathan Kamens 2003-08-15 15:07:40 UTC
I'm not sure what you mean.  Vncpasswd stores the password in a file.  It's 
encoded, yes, but it's a trivial encoding which is easy to break.  This file is 
then passed to vncserver as a command-line argument.  In the interim the 
password is exposed in the file.

If vncviewer prompts for the password on the tty directly, it is never stored 
in a file.


Comment 7 Bill Nottingham 2006-08-08 01:45:24 UTC
'Red Hat Raw Hide' refers to the development tree for Red Hat Linux.
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Red Hat apologizes that these issues were not resolved in a more
timely manner. However, we do want to make sure that important 
don't slip through the cracks. If these issues are still present
in a current release, such as Fedora Core 5, please move these
bugs to that product and version. Note that any remaining Red Hat
Raw Hide bugs will be closed as 'CANTFIX' on September 30, 2006.
Thanks again for your help.


Comment 8 Jonathan Kamens 2006-09-03 07:14:32 UTC
Still a problem in vnc-4.1.2-3.fc6 in Fedora Core devel.

Comment 9 Adam Tkac 2006-10-04 12:22:42 UTC
If I understand well you want pass password through vncviewer option, don't you??

Comment 10 Jonathan Kamens 2006-10-05 00:43:19 UTC
No, I don't want to pass the password through a command-line option.  That's a
security hole, since other people will be able to see the password on the
command line by running "ps".  I want to be able to feed the password to
vncviewer on stdin, just as I could before it started insisting on prompting for
it in an X window.  In other words, I want there to be a command-line option
which tells vncviewer to prompt for the password on stdin instead of graphically.


Comment 11 Adam Tkac 2006-10-10 08:06:15 UTC
Created attachment 138122 [details]
new option -passwdInput. type -passwdInput=true to get passwd on stdin

I've added new vncviewer option to obtain password on stdin. You can now pass
your password through |.

Comment 12 Adam Tkac 2006-10-18 08:26:45 UTC
Created attachment 138766 [details]
recreated patch for src 4-1_1_2

Comment 13 Fedora Update System 2006-10-20 19:25:17 UTC
vnc-4.1.2-4.fc7 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 14 Adam Tkac 2006-10-24 07:51:26 UTC
oops, sorry for comment #13. vnc-4.1.2-4.fc6 has been pushed for fc6


Note You need to log in before you can comment on or make changes to this bug.