mir/kea
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/kea synced 2025-08-22 18:08:16 +00:00
Code Issues Releases Wiki Activity

[#1675] kea-admin: KEA_ADMIN_DB_PASSWORD env var

Browse Source
This commit is contained in:
Andrei Pavel 2021-04-14 15:44:38 +03:00
parent fc099c9b1a
commit 6db37ae63e
No known key found for this signature in database
GPG Key ID: 86E9385BC2203766
3 changed files with 17 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ChangeLog
View File

@ -1,15 +1,11 @@
1885. [func] andrei 1885. [func] andrei
kea-admin is now able to interactively ask for a password if no kea-admin is now able to interactively ask for a password if no
parameter follows the -p or the --password parameters. This parameter follows the -p or the --password parameters. This
requires the user to give it as the last parameter. If another requires the user to give it as the last parameter. The entered
option starting with dash follows, that would be taken as the password is not echoed back to the terminal in order to prevent
actual password, would not be processed as it should have been over-the-shoulder snooping or other social engineering
and all your parameters will be offset by one. Checking if the techniques. Alternatively, you can set the password via the
word that follows starts with dash is also not possible because KEA_ADMIN_DB_PASSWORD environment variable.
that would not allow for passwords starting with dash. Feedback
of the password to the terminal is cut off to prevent
over-the-shoulder snooping and other social engineering
techniques.
(Gitlab #1675) (Gitlab #1675)
1884. [doc] fdupont 1884. [doc] fdupont

4
doc/sphinx/man/kea-admin.8.rst
View File

@ -72,7 +72,9 @@ Arguments
``-p|--password password`` ``-p|--password password``
Specifies the password when connecting to a database. Specifies the password when connecting to a database.
If only ``-p`` or ``--password`` is given, the user is prompted for a password. If only ``-p`` or ``--password`` is given, the user is prompted for a password.
If not specified at all, the default value of **keatest** is used. If not specified at all, the **KEA_ADMIN_DB_PASSWORD** environment variable
is checked for a value and used if it exists.
Otherwise the default value of **keatest** is used.
``-n|--name database-name`` ``-n|--name database-name``
Specifies the name of the database to connect to. If not specified, the Specifies the name of the database to connect to. If not specified, the

9
src/bin/admin/kea-admin.in
View File

@ -749,6 +749,7 @@ do
;; ;;
# Specify database password # Specify database password
-p|--password) -p|--password)
password_parameter_passed=true
# If there is at least one more parameter following... # If there is at least one more parameter following...
if test "${#}" -gt 1; then if test "${#}" -gt 1; then
# Then take it as password. # Then take it as password.
@ -819,6 +820,14 @@ do
shift shift
done done
# After all the parameters have been parsed, check environment variables.
if test -z "${password_parameter_passed+x}"; then
if test -n "${KEA_ADMIN_DB_PASSWORD+x}"; then
printf 'Using the value of KEA_ADMIN_DB_PASSWORD for authentication...\n'
db_password="${KEA_ADMIN_DB_PASSWORD}"
fi
fi
case ${command} in case ${command} in
# Initialize the database # Initialize the database
db-init) db-init)