<?xml version='1.0'?> <!--*-nxml-*--> <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> <!-- This file is part of systemd. Copyright 2011 Lennart Poettering systemd is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. systemd is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with systemd; If not, see <http://www.gnu.org/licenses/>. --> <refentry id="systemd-ask-password"> <refentryinfo> <title>systemd-ask-password</title> <productname>systemd</productname> <authorgroup> <author> <contrib>Developer</contrib> <firstname>Lennart</firstname> <surname>Poettering</surname> <email>lennart@poettering.net</email> </author> </authorgroup> </refentryinfo> <refmeta> <refentrytitle>systemd-ask-password</refentrytitle> <manvolnum>1</manvolnum> </refmeta> <refnamediv> <refname>systemd-ask-password</refname> <refpurpose>Query the user for a system password</refpurpose> </refnamediv> <refsynopsisdiv> <cmdsynopsis> <command>systemd-ask-password <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="opt">MESSAGE</arg></command> </cmdsynopsis> </refsynopsisdiv> <refsect1> <title>Description</title> <para><command>systemd-ask-password</command> may be used to query a system password or passphrase from the user, using a question message specified on the command line. When run from a TTY it will query a password on the TTY and print it to STDOUT. When run with no TTY or with <option>--no-tty</option> it will query the password system-wide and allow active users to respond via several agents. The latter is only available to privileged processes.</para> <para>The purpose of this tool is to query system-wide passwords -- that is passwords not attached to a specific user account. Examples include: unlocking encrypted hard disks when they are plugged in or at boot, entering an SSL certificate passphrase for web and VPN servers.</para> <para>Existing agents are: a boot-time password agent asking the user for passwords using Plymouth; a boot-time password agent querying the user directly on the console; an agent requesting password input via a <citerefentry><refentrytitle>wall</refentrytitle><manvolnum>1</manvolnum></citerefentry> message; an agent suitable for running in a GNOME session; a command line agent which can be started temporarily to process queued password requests; a TTY agent that is temporarily spawned during <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> invocations.</para> <para>Additional password agents may be implemented according to the <ulink url="http://www.freedesktop.org/wiki/Software/systemd/PasswordAgents">systemd Password Agent Specification</ulink>.</para> <para>If a password is queried on a tty the user may press TAB to hide the asterisks normally shown for each character typed. Pressing Backspace as first key achieves the same effect.</para> </refsect1> <refsect1> <title>Options</title> <para>The following options are understood:</para> <variablelist> <varlistentry> <term><option>-h</option></term> <term><option>--help</option></term> <listitem><para>Prints a short help text and exits.</para></listitem> </varlistentry> <varlistentry> <term><option>--icon=</option></term> <listitem><para>Specify an icon name alongside the password query, which may be used in all agents supporting graphical display. The icon name should follow the <ulink url="http://standards.freedesktop.org/icon-naming-spec/icon-naming-spec-latest.html">XDG Icon Naming Specification</ulink>.</para></listitem> </varlistentry> <varlistentry> <term><option>--timeout=</option></term> <listitem><para>Specify the query timeout in seconds. Defaults to 90s.</para></listitem> </varlistentry> <varlistentry> <term><option>--no-tty</option></term> <listitem><para>Never ask for password on current TTY even if one is available. Always use agent system.</para></listitem> </varlistentry> <varlistentry> <term><option>--accept-cached</option></term> <listitem><para>If passed accept cached passwords, i.e. passwords previously typed in.</para></listitem> </varlistentry> <varlistentry> <term><option>--multiple</option></term> <listitem><para>When used in conjunction with <option>--accept-cached</option> accept multiple passwords. This will output one password per line.</para></listitem> </varlistentry> </variablelist> </refsect1> <refsect1> <title>Exit status</title> <para>On success 0 is returned, a non-zero failure code otherwise.</para> </refsect1> <refsect1> <title>See Also</title> <para> <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>plymouth</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>wall</refentrytitle><manvolnum>1</manvolnum></citerefentry> </para> </refsect1> </refentry>