bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#74105: 30.0.92; Some issues in TRAMP NEWS entries

From: Michael Albinus
Subject: bug#74105: 30.0.92; Some issues in TRAMP NEWS entries
Date: Sun, 03 Nov 2024 16:01:03 +0100
User-agent: Gnus/5.13 (Gnus v5.13) 
Sean Whitton <spwhitton@spwhitton.name> writes:

> Hello,

Hi Sean,

> So how about just
>
>     In previous Emacs versions this was indicated by the
>     connection property "direct-async-process".  That connection
>     property (though not connection properties and
>     `tramp-connection-properties' in general) is now deprecated.

Thanks. I've pushed your rephrased version to the emacs-30 repo.

> I still think it would be a good idea to give an answer to "just turn
> this on for everything, please" in the manual.

I've added the following to the Tramp manual (after the example with
'remotehost'):

--8<---------------cut here---------------start------------->8---
   This enables direct async processes for the host ‘remotehost’.  If
you want to enable direct async processes for all remote hosts
connected via the same method (e.g., ‘ssh’), use instead

     (connection-local-set-profiles
      '(:application tramp :protocol "ssh")
      'remote-direct-async-process)
--8<---------------cut here---------------end--------------->8---

Pushed to emacs-30.

>>> (3) Has there been a change to how password caching works?
>>>
>>>     I tried deleting the session-timeout configuration.  I made a
>>>     /sudo:: connection.  After some time passed, I saw the familiar
>>>     "Tramp connection timed out" message.  But it reconnected
>>>     immediately when I tried to save a buffer I had open.  Does it now
>>>     cache the sudo password?  In the past, you had to type it again,
>>>     after the timeout.
>>>
>>>     If there is a change here, it's security-relevant, so it should
>>>     probably be in NEWS.
>>
>> Likely, you're trapped by the following change, documented in NEWS.29:
>>
>> --8<---------------cut here---------------start------------->8---
>> *** Proper password prompts for methods "doas", "sudo" and "sudoedit".
>> The password prompts for these methods reflect now the credentials of
>> the user requesting such a connection, and not of the user who is the
>> target.  This has always been needed, just the password prompt and the
>> related 'auth-sources' entry were wrong.
>> --8<---------------cut here---------------end--------------->8---
>>
>> If it is something else, we need to debug.
>
> Hmm, isn't this NEWS.29 change just a change in the password prompt?  I
> don't see how that applies to what I described.
>
> Unless it caches the sudo password, it shouldn't have been able to
> reconnect.

No, there is also a change in the user name in .authinfo and
friends. The Tramp manual says:

--8<---------------cut here---------------start------------->8---
   For the methods ‘doas’, ‘sudo’, ‘sudoedit’ and ‘nspawn’ the
password of the user requesting the connection is needed, and not the
password of the target user(1).  If these connections happen on the
local host, an entry with the local user and local host is used:

     machine HOST port sudo login USER password secret

   USER and HOST are the strings returned by ‘(user-login-name)’ and
‘(system-name)’.  If one of these methods is connected via a multi-hop
(*note Multi-hops::), the credentials of the previous hop are used.
--8<---------------cut here---------------end--------------->8---

Before Emacs 29, you needed "login root" instead. This change was
mentioned in the etc/NEWS file indirectly, by saying "related
'auth-sources' entry":

--8<---------------cut here---------------start------------->8---
This has always been needed, just the password prompt and the
related 'auth-sources' entry were wrong.
--8<---------------cut here---------------end--------------->8---

Best regards, Michael.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]