Mailinglist Archive: opensuse-buildservice (176 mails)

< Previous Next >
Re: [opensuse-buildservice] Avoiding leaked passwords in ~/.oscrc
On 2017-03-06 14:24:19 -0500, Greg Ward wrote:
we use OBS in an environment where everyone can see everybody else's
home dirs, so it takes very little abuse of sudo to read my co-workers'
~/.oscrc files. From there it's trivial to decode 'passx' and steal my
co-workers' OBS passwords.

Is there a way to avoid this? And if so, is it documented anywhere?

You can use the python-keyring module to store your credentials.
Enabling it is a bit awkward at the moment:

- osc config general use_keyring 1
- manually enter the credentials into the keyring or
* delete the whole [https://<your_apiurl>] section from your ~/.oscrc
(instead of deleting the section a temporary rename is also
possible...)
* run an arbitrary osc command, for instance,
"osc -A https://<your_apiurl> ls" and enter your credentials


Marcus
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
References