blob: db5cb20db5f51a44f9036495abf235ae6498431e [file] [log] [blame] [raw]
<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
This file is part of systemd.
Copyright 2011 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refentry id="systemd-ask-password">
<refentryinfo>
<title>systemd-ask-password</title>
<productname>systemd</productname>
<authorgroup>
<author>
<contrib>Developer</contrib>
<firstname>Lennart</firstname>
<surname>Poettering</surname>
<email>lennart@poettering.net</email>
</author>
</authorgroup>
</refentryinfo>
<refmeta>
<refentrytitle>systemd-ask-password</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>systemd-ask-password</refname>
<refpurpose>Query the user for a system password</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>systemd-ask-password <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="opt">MESSAGE</arg></command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para><command>systemd-ask-password</command> may be
used to query a system password or passphrase from the
user, using a question message specified on the
command line. When run from a TTY it will query a
password on the TTY and print it to standard output. When run
with no TTY or with <option>--no-tty</option> it will
query the password system-wide and allow active users
to respond via several agents. The latter is
only available to privileged processes.</para>
<para>The purpose of this tool is to query system-wide
passwords -- that is passwords not attached to a
specific user account. Examples include: unlocking
encrypted hard disks when they are plugged in or at
boot, entering an SSL certificate passphrase for web
and VPN servers.</para>
<para>Existing agents are: a boot-time password agent
asking the user for passwords using Plymouth; a
boot-time password agent querying the user directly on
the console; an agent requesting password input via a
<citerefentry><refentrytitle>wall</refentrytitle><manvolnum>1</manvolnum></citerefentry>
message; an agent suitable for running in a GNOME
session; a command line agent which can be started
temporarily to process queued password requests; a TTY
agent that is temporarily spawned during
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
invocations.</para>
<para>Additional password agents may be implemented
according to the <ulink
url="http://www.freedesktop.org/wiki/Software/systemd/PasswordAgents">systemd
Password Agent Specification</ulink>.</para>
<para>If a password is queried on a TTY, the user may
press TAB to hide the asterisks normally shown for
each character typed. Pressing Backspace as first key
achieves the same effect.</para>
</refsect1>
<refsect1>
<title>Options</title>
<para>The following options are understood:</para>
<variablelist>
<varlistentry>
<term><option>-h</option></term>
<term><option>--help</option></term>
<listitem><para>Prints a short help
text and exits.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--icon=</option></term>
<listitem><para>Specify an icon name
alongside the password query, which may
be used in all agents supporting
graphical display. The icon name
should follow the <ulink
url="http://standards.freedesktop.org/icon-naming-spec/icon-naming-spec-latest.html">XDG
Icon Naming
Specification</ulink>.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--timeout=</option></term>
<listitem><para>Specify the query
timeout in seconds. Defaults to
90s. A timeout of 0 waits indefinitely.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--no-tty</option></term>
<listitem><para>Never ask for password
on current TTY even if one is
available. Always use agent
system.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--accept-cached</option></term>
<listitem><para>If passed, accept
cached passwords, i.e. passwords
previously typed in.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--multiple</option></term>
<listitem><para>When used in
conjunction with
<option>--accept-cached</option>
accept multiple passwords. This will
output one password per
line.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Exit status</title>
<para>On success, 0 is returned, a non-zero failure
code otherwise.</para>
</refsect1>
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>plymouth</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>wall</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>