Package: ldapvi
Version: 1.7-11.1+b1
Severity: wishlist
Tags: upstream
X-Debbugs-Cc: lda...@lists.askja.de
Hi,
ldapvi has an option to pass the bind password via a command-line
parameter:
-w, --password SECRET Password (also valid for SASL).
However passing credentials in this way is often insecure as other
local users/processes can see command-line parameters of all running
programs.
It would be great if one could ask ldapvi to use the contents of a
file as the password, similar to OpenLDAP's command-line utilities
(ldapsearch & others):
-y passwdfile
Use complete contents of passwdfile as the password for simple
authentication.
If this was implemented, one could pass credentials from a password
manager to ldapvi in a more secure fashion without having to manually
paste it at the right time. (I have convenience wrappers around
ldapsearch to invoke it with `-y $(password-manager)` so it just
works.)
Ansgar
