Bugzilla – Bug 280
Sudo Askpass
Last modified: 2008-06-11 09:19:06 MDT
Have discussed this with Todd a bit already, putting here for safe keeping at his request. The general idea is to provide an ssh askpass like mechanism to sudo. This would allow distributions to generalize a lot of the root authentication into just using sudo. Right now there are quite a few graphical sudo applications and all must use forking and pipes to communicate with sudo which is pretty ugly. This also means that it's harder to create launchers and such in a generic way that will work for any desktop environment. Now there could be other ways to achieve this (debian alternatives system for example), but having it integrated right into sudo would be the best route imo as it provides a consistent interface for all distributions and desktop environments.
I have the beginnings of askpass support done and will update this bug when it is more complete.
I've committed a first cut of askpass support to the cvs tree. I haven't decided what to use as a bundled askpass program. The OpenSSH version is a bit ugly but if I can remedy that a bit I may just use that.
(In reply to comment #2) > I've committed a first cut of askpass support to the cvs tree. I > haven't decided what to use as a bundled askpass program. The OpenSSH > version is a bit ugly but if I can remedy that a bit I may just use > that. > Well I'm not sure it's exactly necessary to provide an example program since OpenSSH does come with one. Even so, not something to worry too much about I think since most desktop environments replace the default askpass program with something else anyway.
Sudo askpass support is present in sudo 1.7b3, http://www.sudo.ws/sudo/dist/beta/sudo-1.7b3.tar.gz There is a new --with-askpass=PATH configure option (the path may also be specified in sudoers). Please give it a shot and let me know how it goes.
(In reply to comment #4) > Sudo askpass support is present in sudo 1.7b3, > http://www.sudo.ws/sudo/dist/beta/sudo-1.7b3.tar.gz > > There is a new --with-askpass=PATH configure option (the path may also > be specified in sudoers). > > Please give it a shot and let me know how it goes. > Any chance of having the ability to define an environment variable as well? This is the way SSH works and offers the most flexibility since a desktop environment can update this on the fly without the user having to intervene. If someone happens to have more then 1 desktop environment then this would be the best route.
(In reply to comment #5) > (In reply to comment #4) > > Sudo askpass support is present in sudo 1.7b3, > > http://www.sudo.ws/sudo/dist/beta/sudo-1.7b3.tar.gz > > > > There is a new --with-askpass=PATH configure option (the path may also > > be specified in sudoers). > > > > Please give it a shot and let me know how it goes. > > > > Any chance of having the ability to define an environment variable as > well? This is the way SSH works and offers the most flexibility since > a desktop environment can update this on the fly without the user > having to intervene. If someone happens to have more then 1 desktop > environment then this would be the best route. > Disregard that, actually tried it out and it does look for SUDO_ASKPASS. Very cool, I hope others notice this addition and begin to use it.
Marking as fixed now that sudo 1.7.0 is in release candidate mode.