2

I am using ldapsearch with its -y option where the password for the ldap server is read in from a file in order to ensure that the password is not left in the command history.

ldapsearch requires that the password be in a file with no newlines. The only way I am aware of for doing this is:

echo -n "myreallysecretpassword" > /path/to/password.txt

but obviously that puts the password in the command history, which is what I'm trying to avoid.

I assume there's a better way, could someone point me in the right direction?

Rich
  • 2
    If you're using `bash`, check your `HISTCONTROL`. Typically, if you prefix your command with a space, it will not be stored in your history. – jscott May 09 '11 at 12:58
  • Sadly our machines don't have HISTCONTROL set, and I can't really change those settings... – Rich May 09 '11 at 13:56

2 Answers

4

Create the file however you want and just printf it without newline.

# "%s" keeps a % in the password from being parsed as a format; $0 keeps embedded spaces
cat pw.txt | awk '{ printf "%s", $0 }'

or

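# quoted, with an explicit format, so the password is neither word-split nor treated as a format string
printf '%s' "$(cat pw.txt)"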
HampusLi
  • 1
    That works great, but it still means that the password appears in the process list if someone manages to view it at just the right time. In the end I have combined your answer with @Eduardo's: cat password.txt | awk '{printf $1}' > new_password.txt. – Rich May 09 '11 at 14:03
2

You can use read to input an intermediate variable semi-securely:

IFS= read -rs tempvar # enter your password and press enter - it will not echo back
printf '%s' "$tempvar" > pw.txt # quoted and printed via %s: spaces, globs and % are written literally, no newline
unset tempvar

Of course if you're worried mostly about the command history you can disable it in bash like this:

export HISTFILE=
Eduardo Ivanec
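The two answers and the process-list concern from the comments can be combined in one POSIX shell helper. This is an added example, not code from either answer; `write_secret_file` and `ends_with_newline` are hypothetical names, and it assumes a shell where `printf` is a builtin (bash, dash).

```shell
#!/bin/sh
# write_secret_file PATH  (hypothetical helper, not part of ldapsearch)
# Reads one line from stdin and stores it in PATH with mode 0600 and no
# trailing newline. The secret is only handled by shell builtins, so it is
# never typed on a command line (history) or passed as argv (process list).
write_secret_file() {
    target=$1
    [ -n "$target" ] || { echo "usage: write_secret_file PATH" >&2; return 2; }

    if [ -t 0 ]; then
        # Interactive: disable terminal echo while the password is typed.
        saved_tty=$(stty -g)
        printf 'Password: ' >&2
        stty -echo
        rc=0
        IFS= read -r secret || rc=$?
        stty "$saved_tty"
        printf '\n' >&2
        [ "$rc" -eq 0 ] || return 1
    else
        # Piped or redirected input: take the first line verbatim.
        IFS= read -r secret || [ -n "$secret" ] || return 1
    fi

    # Create the file private from the start; the umask change stays in the
    # subshell. '%s' writes the secret literally, without a newline.
    ( umask 077 && printf '%s' "$secret" > "$target" ) || return 1
    chmod 600 "$target"   # also tighten a file that already existed
    unset secret
}

# ends_with_newline PATH: succeeds if the last byte of PATH is a newline,
# which is the condition the question says ldapsearch -y must not see.
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# Typical use (path from the question, remaining ldapsearch arguments elided):
#   write_secret_file /path/to/password.txt
#   ends_with_newline /path/to/password.txt && echo "fix the file first" >&2
#   ldapsearch ... -y /path/to/password.txt
```

Run interactively, the function prompts on the terminal; fed from a pipe or redirect, it reads the first line of that input instead.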