"Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote: > On Thu, Nov 29, 2007 at 02:43:09PM -0500, Daniel Veillard wrote: ... >> I know, I have also argued against it (and that's why libxml2 doesn't >> parse it), but this can be way more convenient at times, and also >> has the potential to remove asynchronous interaction for example >> when using scripts. > > There's better ways to deal with scripting. eg, we could add a flag to > virsh '--auth /path/to/file' where the file contained key,value pairs > for each credential. Or could have an env var VIR_AUTH_FILE pointing > to such a file, which can be processed by the default callback I aded. > That lets you automate login, without leaking the confidential data > anywhere. Or, you could do what gpg does and use a gpg-agent-style envvar to specify socket and PID: GPG_AGENT_INFO=/path/to/socket:NNNNN:1 Then you'd use the path and pid used by your existing gpg-agent. When I started gpg-signing things regularly, I switched from ssh-agent to gpg-agent, and it takes care of auth for both gpg signing and ssh connections. -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list