DFpass
DFpass — Locally manage user credentials for client-side command-line programs.
Synopsis
DFpass
{[-add] | [-replace] | [-remove]}
{servername:username}
Description
Several command-line programs, namely DFattach, DFbatch, DFexport, DFpdfpkg,
DFreport and DFuserPerms,
connect to study databases and require valid database credentials for
the database connection to succeed.
Each of these programs already permits the use of command-line
options -S, -U and -C for
specifying the needed servername, username and password credentials.
Similarly, the DFSERVER, DFUSER and
DFPASSWD environment variables may be assigned values
and used.
DFpass is a convenience program that allows a user to locally store the password part of these credentials in a secure manner. Use of DFpass is not required but it is recommended for command-line users, and is strongly encouraged for users that write shell scripts and/or schedule program execution with facilities like UNIX cron.
DFpass manages credentials for the current user by keeping a local, user-specific database file of servername, username and password triples. Each record in the database is an encrypted representation of the credentials for one unique combination of servername, username and password. With DFpass one can add new records, update existing records with a new password and remove records.
Use of DFpass requires command-line specification of the action to be taken (one of: add, replace or remove) and the servername and username to which the action applies:
if the
-addaction is specified, the combination of servername and username must not match a previously added entry that is already being managed locally by DFpass. The user is prompted to enter their password. DFpass obscures the password as it is typed in and requires the user to confirm by entering the password again. If the passwords match exactly, the password is accepted and saved locally for the user.if the
-replaceaction is specified, the combination of servername and username must match a previously added entry that is already being managed locally by DFpass. The user is prompted to enter their new password. DFpass obscures the password as it is typed in and requires the user to confirm by entering the password again. If the passwords match exactly, the password is accepted and saved locally for the user.if the
-removeaction is specified, the combination of servername and username must match a previously added entry that is already being managed locally by DFpass.
In all cases, DFpass prints a message confirming that the requested action was action, or an error message if the action could not be completed.
![[Important]](../../imagedata/important.png) | Important |
|---|---|
|
DFpass does not confirm that the supplied servername, username and password combination is valid. This is the responsibility of the user. |
Password management
DFpass is not a replacement for the existing DFdiscover tools for managing user credentials, nor does it offer the same functionality. User credentials must still be created and managed within DFdiscover using standard methods. DFpass simply allows you to write and read those credentials locally in a way that does not expose passwords as clear text.
Adding entries with DFpass does not add credentials for the user to DFdiscover.
It is vitally important that the entries made with DFpass match existing
DFdiscover credentials, otherwise those entries are of no value.
Users must also be aware that updating a password in DFdiscover does
not update the local information managed by DFpass; this must be done
separately with the -replace action.
Options
-add | -replace | -remove | action to take (required). |
servername:username | the specific credentials to add, replace or remove
(required).
For the |
Exit Status
DFpass exits with one of the following statuses:
0 | The command was successful. |
1 | The command was not successful. |