
"Daniel P. Berrange" <berrange@redhat.com> wrote:
On Thu, Nov 29, 2007 at 02:43:09PM -0500, Daniel Veillard wrote: ...
I know, I have also argued against it (and that's why libxml2 doesn't parse it), but this can be way more convenient at times, and also has the potential to remove asynchronous interaction for example when using scripts.
There's better ways to deal with scripting. e.g., we could add a flag to virsh '--auth /path/to/file' where the file contained key,value pairs for each credential. Or could have an env var VIR_AUTH_FILE pointing to such a file, which can be processed by the default callback I added. That lets you automate login, without leaking the confidential data anywhere.
Or, you could do what gpg does and use a gpg-agent-style envvar to specify socket and PID:

    GPG_AGENT_INFO=/path/to/socket:NNNNN:1

Then you'd use the path and pid used by your existing gpg-agent. When I started gpg-signing things regularly, I switched from ssh-agent to gpg-agent, and it takes care of auth for both gpg signing and ssh connections.
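
A sketch of the credentials-file idea discussed above, added here as an example; it is not part of the original messages and not libvirt's code. It assumes one `key=value` pair per line, uses hypothetical function names, and refuses a file named by `VIR_AUTH_FILE` unless it is a regular file owned by the caller with no group or other access.

```python
import os
import stat
import tempfile

class AuthFileError(Exception):
    """Raised when the credentials file is unsafe or malformed."""

def load_auth_file(path):
    """Return {credential_name: value} from a private key=value file."""
    # fstat the opened descriptor so the check and the read hit the same file.
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "r", encoding="utf-8") as fh:
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise AuthFileError("not a regular file")
        if st.st_uid != os.geteuid():
            raise AuthFileError("file is not owned by the calling user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise AuthFileError("file is accessible by group or others")
        creds = {}
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            key, sep, value = line.partition("=")
            if not sep or not key.strip():
                # Report the line number only, never the line's content.
                raise AuthFileError(f"line {lineno}: expected key=value")
            creds[key.strip()] = value.strip()
        return creds

def credentials_from_env(environ=os.environ):
    """Load credentials from the file named by VIR_AUTH_FILE, if set."""
    path = environ.get("VIR_AUTH_FILE")
    return load_auth_file(path) if path else {}

def demo():
    """Constructed sample: same file accepted at 0600, rejected at 0644."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "auth")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("# constructed sample\nusername=admin\npassword=example-only\n")
        os.chmod(path, 0o600)
        accepted = credentials_from_env({"VIR_AUTH_FILE": path})
        os.chmod(path, 0o644)
        try:
            credentials_from_env({"VIR_AUTH_FILE": path})
        except AuthFileError:
            return accepted, True
        return accepted, False
```
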