emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

tramp.el: remote processes and password-cache

From: Mario Lang
Subject: tramp.el: remote processes and password-cache
Date: Wed, 05 Mar 2014 23:41:51 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) 
Hi.

Playing with remote processes in eshell I stumbled across
unexpected behaviour.  I have tried several methods, including scpc to
make sure that ControlMaster would be used, and as far as I can tell, it
is being used for normal TRAMP operations, since I do only have to enter
my password once.  However, when invoking a remote process, I am always
being reasked for a password, even if I invoke several remote processes
in a row.  I had expected `password-cache-expiry' to have an effect, but
it did not.  Digging through the code I found this call to
`password-cache-remove' in `tramp-read-passwd', and yes, removing the
call does solve my problem.  If I invoke several remote
processes in a row, my setting of `password-cache-expiry' is actually
honored and the password is cached.  I am sort of confused about this
code though.  As far as I can tell, removing the clearing of the cache
entry does not impose any security problems, since the password has been
cached previously already.  We just stop removing the
cache entry before it could actually get used.  However, I get the
feeling this piece of code used to do something useful.  All I can tell
from here is that removing it solves a bug I observe.  I'd actually like
to see `password-cache-expiry' to be taken into account for remote
processes.
If this is to prevent failing authentification due to changed passwords,
I think the default setting of `password-cache-expiry' is still
low enough to allow for removing of the cache clearing without
a lot of user problems.  If a user chooses to configure a much higher
cache expiry time they should be aware of that (rather rare?) problem
anyways.

Can you comment on this issue please?

--- a/lisp/net/tramp.el
+++ b/lisp/net/tramp.el
@@ -4131,9 +4131,6 @@ Invokes `password-read' if available, `read-passwd' else."
                    "password" tramp-current-host tramp-current-method)))
           ;; Try the password cache.
           (when (functionp 'password-read)
-            (unless (tramp-get-connection-property
-                     v "first-password-request" nil)
-              (tramp-compat-funcall 'password-cache-remove key))
             (let ((password
                    (tramp-compat-funcall 'password-read pw-prompt key)))
               (tramp-compat-funcall 'password-cache-add key password)

-- 
CYa,
  ⡍⠁⠗⠊⠕
reply via email to
[Prev in Thread] Current Thread [Next in Thread]