Re: TRAMP sudo method not asking for password

[Marcin Borkowski]

On 2019-01-12, at 19:44, Michael Albinus <michael.albinus@gmx.de> wrote:

> Marcin Borkowski <mbork@mbork.pl> writes:
>
> Hi all,
>
>>>> I have a very strange problem: the TRAMP sudo method stopped asking me
>>>> for the password.  How is that possible?  sudo in terminal behaves
>>>> normally, so it cannot be some global setting I messed up.
>>>>
>>>> emacs -Q does TRT, i.e., asks for the password.
>>>>
>>>> I understand that I can bisect my init.el, but it is almost 2 klines
>>>> long, so before I do that, I'd like to ask - maybe someone will know the
>>>> answer off the top of their head?
>>>>
>>>> Note: deleting ~/.emacs.d/tramp didn't help.
>>
>> I found it!
>>
>> My passwords were cached in ~/.authinfo.  After cleaning it, TRAMP asks
>> me the password again.
>>
>> Now, this file is only mentioned once in the Emacs manual, and in
>> a different context.  I think not having it even mentioned in some other
>> place is a serious security bug in the docs.  Am I correct?  If so, I'll
>> gladly file a bug report.  (I won't try to fix it myself since I do not
>> know enough to be sure I'm doing it right.)
>
> In general, your password is written to .authinfo on demand only. That
> is, either you add a respective line, or you confirm that the
> auth-sources adds this once you have entered it interactively.
>
> The latter feature has been added to Tramp some weeks ago in Emacs 27
> (don't remember the commit date). But Tramp asks you for confirmation,
> whether you agree to add the password to your .authinfo. So you have
> answered "y"; likely by accident, w/o reading the question carefully.

Probably w/o reading it at all - I guess I just used my muscle memory to
do something after I ssh'ed somewhere with TRAMP, and didn't even bother
looking at the screen.

> And this IS documented. etc/NEWS says in the Tramp section
>
> --8<---------------cut here---------------start------------->8---
> *** Validated passwords are saved by auth-source backends which support this.
> --8<---------------cut here---------------end--------------->8---
>
> And in the Tramp manual, there is in (info "(tramp) Password handling")
>
> --8<---------------cut here---------------start------------->8---
>    If there doesn’t exist a proper entry, the password is read
> interactively.  After successful login (verification of the password),
> it is offered to save a corresponding entry for further use by
> ‘auth-source’ backends which support this.  This could be changed by
> setting the user option ‘auth-source-save-behavior’ to ‘nil’.
> --8<---------------cut here---------------end--------------->8---

Well, I don't often read NEWS.  And the above is not very clear (it says
nothing about the .authinfo file, for instance).

Don't get me wrong - I'm not just complaining.  (Also, I'm very thankful
for your response!)  I just think that all this info was quite easy to
miss.

To sum it up.

1. Am I the only one that thinks that this change could be made a bit
more prominent?  Like using something like yes-or-no-p (as opposed to
y-or-n-p) by default, for example?  Saving passwords to a plain text
file is something big, which should not happen by accident, right?

2. If others agree, what can I do to help?

Best,

--
Marcin Borkowski
http://mbork.pl