Re: auth-source source password lookup for ssh + sudo

[Kai Tetzlaff]

Michael Albinus <michael.albinus@gmx.de> writes:

Hi Michael,

> The adapted patch is appended, and it works (in my environment) for
> local and remote sudo, for remote doas, and for local sudoedit.
>
> Waiting for comments :-)

here you are:

1. /ssh:remoteuser@host.example.com|sudo::/etc/passwd

> Fixed. It should ask now 'Password for
> /sudo:remoteuser@host.example.com: '

   Yes, it does. I also tested local sudo (`/sudo::/etc/passwd`) and
   sudoedit (`/sudoedit::/etc/passwd`). All look good. I didn't try `doas`
   since I don't have it installed.

2. /ssh:host.example.com|sudo::/etc/passwd

   a. now there is only a password prompt without any auth-source
      lookup attempt:

          `Password for /sudo:host.example.com: `

   => Not sure, but it might make sense to start an auth-source lookup
      for just hostname/port instead of skipping it completely (for
      my own use case this would not make a difference since I don't
      store host (only) passwords).

4. Result with 2nd version of your patch and an additional
   '(nil "host.example.com" "remoteuser") in tramp-default-user-alist:

   a. auth-source lookup:

          host="host.example.com", user="remoteuser", port="sudo"

   b. password prompt:

          `Password for /sudo:remoteuser@host.example.com: `

      (skipped if a. succeeds).

   => Great!

Now, the question is if this can just be added to TRAMP as it does
change existing behavior. From my perspective it is a clear improvement
and the current implementation could be considered as a bug. What do you
think?

Thanks a lot, Best Regards and have a nice weekend,
Kai