<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
        "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">

<!--
  This file is part of systemd.

  Copyright 2011 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->

<refentry id="systemd-ask-password">

        <refentryinfo>
                <title>systemd-ask-password</title>
                <productname>systemd</productname>

                <authorgroup>
                        <author>
                                <contrib>Developer</contrib>
                                <firstname>Lennart</firstname>
                                <surname>Poettering</surname>
                                <email>lennart@poettering.net</email>
                        </author>
                </authorgroup>
        </refentryinfo>

        <refmeta>
                <refentrytitle>systemd-ask-password</refentrytitle>
                <manvolnum>1</manvolnum>
        </refmeta>

        <refnamediv>
                <refname>systemd-ask-password</refname>
                <refpurpose>Query the user for a system password</refpurpose>
        </refnamediv>

        <refsynopsisdiv>
                <cmdsynopsis>
                        <command>systemd-ask-password <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="opt">MESSAGE</arg></command>
                </cmdsynopsis>
        </refsynopsisdiv>

        <refsect1>
                <title>Description</title>

                <para><command>systemd-ask-password</command> may be
                used to query a system password or passphrase from the
                user, using a question message specified on the
                command line. When run from a TTY it will query a
                password on the TTY and print it to STDOUT. When run
                with no TTY or with <option>--no-tty</option> it will
                query the password system-wide and allow active users
                to respond via several agents. The latter is
                only available to privileged processes.</para>

                <para>The purpose of this tool is to query system-wide
                passwords -- that is passwords not attached to a
                specific user account. Examples include: unlocking
                encrypted hard disks when they are plugged in or at
                boot, entering an SSL certificate passphrase for web
                and VPN servers.</para>

                <para>Existing agents are: a boot-time password agent
                asking the user for passwords using Plymouth; a
                boot-time password agent querying the user directly on
                the console; an agent requesting password input via a
                <citerefentry><refentrytitle>wall</refentrytitle><manvolnum>1</manvolnum></citerefentry>
                message; an agent suitable for running in a GNOME
                session; a command line agent which can be started
                temporarily to process queued password requests; a TTY
                agent that is temporarily spawned during
                <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
                invocations.</para>

                <para>Additional password agents may be implemented
                according to the <ulink
                url="http://www.freedesktop.org/wiki/Software/systemd/PasswordAgents">systemd
                Password Agent Specification</ulink>.</para>

                <para>If a password is queried on a tty the user may
                press TAB to hide the asterisks normally shown for
                each character typed. Pressing Backspace as first key
                achieves the same effect.</para>

        </refsect1>

        <refsect1>
                <title>Options</title>

                <para>The following options are understood:</para>

                <variablelist>
                        <varlistentry>
                                <term><option>-h</option></term>
                                <term><option>--help</option></term>

                                <listitem><para>Prints a short help
                                text and exits.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><option>--icon=</option></term>

                                <listitem><para>Specify an icon name
                                alongside the password query, which may
                                be used in all agents supporting
                                graphical display. The icon name
                                should follow the <ulink
                                url="http://standards.freedesktop.org/icon-naming-spec/icon-naming-spec-latest.html">XDG
                                Icon Naming
                                Specification</ulink>.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><option>--timeout=</option></term>

                                <listitem><para>Specify the query
                                timeout in seconds. Defaults to
                                90s.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><option>--no-tty</option></term>

                                <listitem><para>Never ask for password
                                on current TTY even if one is
                                available. Always use agent
                                system.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><option>--accept-cached</option></term>

                                <listitem><para>If passed accept
                                cached passwords, i.e. passwords
                                previously typed in.</para></listitem>
                        </varlistentry>

                        <varlistentry>
                                <term><option>--multiple</option></term>

                                <listitem><para>When used in
                                conjunction with
                                <option>--accept-cached</option>
                                accept multiple passwords. This will
                                output one password per
                                line.</para></listitem>
                        </varlistentry>
                </variablelist>

        </refsect1>

        <refsect1>
                <title>Exit status</title>

                <para>On success 0 is returned, a non-zero failure
                code otherwise.</para>
        </refsect1>

        <refsect1>
                <title>See Also</title>
                <para>
                        <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
                        <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
                        <citerefentry><refentrytitle>plymouth</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
                        <citerefentry><refentrytitle>wall</refentrytitle><manvolnum>1</manvolnum></citerefentry>
                </para>
        </refsect1>

</refentry>