Re: [Fab-user] specifying login and password?

fab-user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fab-user] specifying login and password?

From:	Christian Vest Hansen
Subject:	Re: [Fab-user] specifying login and password?
Date:	Wed, 18 Feb 2009 23:40:04 +0100

On Wed, Feb 18, 2009 at 11:16 PM, Timothee Besset <address@hidden> wrote:
>
> Well, here are the main problems I see:
>
> It doesn't cover one password per host, which is the case I was mostly
> concerned with. It doesn't do password based sudo either.

It does allow distinct passwords per host, but does not allow them to
be specified beforehand in the fabfile. Well, unless you generate a
fabfile per host. :)

An authentication failure will cause it to prompt for a password for
that specific host - this is also the same password that is used for
sudo on that particular host. If this password happens to not be good
enough for sudo, then it will be prompted for again. And in this
particular case (where sudo pass != login pass -- I wonder how/if that
is even possible), things could start to get confusing with a terrible
amount of passwords being constantly prompted for.

I'm not totally what you mean by "It doesn't do password based sudo
either." but I hope that cleared things up a bit.

> Specifying the
> login in the host name is a nice standard thing, but doesn't really
> address any of that.
>
> The things implemented in fabric so far work pretty well for me,
> although it's lacking in documentation, and sometimes counterintuitive
> (see the 'put' problem). It would be interesting to work on allowing
> fabric to be better integrated, such as loading a module from python,
> and dynamically driving some of the core functionality.

Jeff got plans in this direction.

> I find myself
> generating fabfiles from scripts and running them ..
>
> TTimo
>
>> On Wed, Feb 18, 2009 at 9:46 PM, Leah Culver <address@hidden> wrote:
>>
>>> I'm also very interested in this issue since my project has different users
>>> that are allowed to deploy (but aren't the root user).
>>>
>>> Are you considering bubbling up the password prompt? I wouldn't mind having
>>> to enter my password for each operation that requires it and then no
>>> passwords really need to be passed around.
>>>
>>> Thanks,
>>> Leah
>>>
>>>
>>>
>>> On Wed, Feb 18, 2009 at 12:40 PM, Jeff Forcier <address@hidden> wrote:
>>>
>>>> Hi Timothee,
>>>>
>>>> Nicolas is largely correct, the "best" way to handle this is to use
>>>> SSH key-based authentication, which then means you won't need to be
>>>> prompted for any passwords during the connection phase.
>>>>
>>>> However, that's only a partial solution because you'll still need to
>>>> do each password in the event of a sudo() operation, assuming your
>>>> connection user doesn't have blanket passwordless sudo (not
>>>> recommended!).
>>>>
>>>> We don't really have good password management in Fabric right now, and
>>>> storing user passwords in general is always a tricky issue, so while
>>>> I'd like to put something in to make it more convenient in your case
>>>> (many different passwords across systems) it will take some
>>>> deliberation about how to best do it, or if it's something we should
>>>> *be* doing.
>>>>
>>>> Rest assured that the issue is on the table, however :)
>>>>
>>>> Best,
>>>> Jeff
>>>>
>>>> On Wed, Feb 18, 2009 at 2:55 PM, Nicolas Steinmetz <address@hidden>
>>>> wrote:
>>>>
>>>>> 2009/2/18 Timothee Besset <address@hidden>
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> New user .. finding documentation very, very scarce ..
>>>>>>
>>>>>> Is there a way to specify login and password along with the hosts list?
>>>>>> I want to use fab to configure a fairly large number of machines with
>>>>>> different access settings.
>>>>>>
>>>>> One solution would be to use ssh connections with key (and then without
>>>>> managing login & password). It depends whether your architecture allows
>>>>> it
>>>>> or not.
>>>>> Not really a direct answer, sorry.
>>>>> Otherwise, did you look at sudo command, you should be able to use a
>>>>> login
>>>>> and maybe a password too.
>>>>> Hope it helps a little bit,
>>>>> Nicolas
>>>>> --
>>>>> Nicolas Steinmetz
>>>>> http://www.steinmetz.fr - http://www.unelectronlibre.info/
>>>>>
>>>>> _______________________________________________
>>>>> Fab-user mailing list
>>>>> address@hidden
>>>>> http://lists.nongnu.org/mailman/listinfo/fab-user
>>>>>
>>>>>
>>>>>
>>>> _______________________________________________
>>>> Fab-user mailing list
>>>> address@hidden
>>>> http://lists.nongnu.org/mailman/listinfo/fab-user
>>>>
>>> _______________________________________________
>>> Fab-user mailing list
>>> address@hidden
>>> http://lists.nongnu.org/mailman/listinfo/fab-user
>>>
>>>
>>>
>>
>>
>>
>>
>
>
>
> _______________________________________________
> Fab-user mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/fab-user
>



-- 
Venlig hilsen / Kind regards,
Christian Vest Hansen.

[Prev in Thread]

Current Thread

[Next in Thread]

[Fab-user] specifying login and password?, Timothee Besset, 2009/02/18
- [Fab-user] Re: specifying login and password?, Timothee Besset, 2009/02/18
- Re: [Fab-user] specifying login and password?, Nicolas Steinmetz, 2009/02/18
  - Re: [Fab-user] specifying login and password?, Jeff Forcier, 2009/02/18
    - Re: [Fab-user] specifying login and password?, Leah Culver, 2009/02/18
    - Re: [Fab-user] specifying login and password?, Christian Vest Hansen, 2009/02/18
    - Re: [Fab-user] specifying login and password?, Timothee Besset, 2009/02/18
    - Re: [Fab-user] specifying login and password?, Christian Vest Hansen <=
    - Re: [Fab-user] specifying login and password?, Timothee Besset, 2009/02/18
    - Re: [Fab-user] specifying login and password?, Christian Vest Hansen, 2009/02/18

Prev by Date: Re: [Fab-user] specifying login and password?
Next by Date: Re: [Fab-user] trivial put test case fails?
Previous by thread: Re: [Fab-user] specifying login and password?
Next by thread: Re: [Fab-user] specifying login and password?
Index(es):
- Date
- Thread