Questions about sudo password accepted with -K argument

John_Leo_Huetter · March 16, 2016, 7:37am

Hello Ansible experts:

Can you please let me know what is done with the password accepted with the -K argument.

Is it in memory only, in a file in /tmp ?

Is it encrypted? If so, how specifically.

Is it available anywhere on the file system for a snooper to see?

Is it deleted after the command is finished?

If the ansible playbook execution is killed halfway through via kill -9, is this password left out on the file system anywhere?

I tried running with strace and lsof and snooping around. I should not be able to find it, right?

John

Brian_Coca · March 17, 2016, 12:19am

It is in memory until the playbook end, it gets passed to remote hosts under the connection (which is encrypted) when prompted for.

It should not be written to disk in any circumstance

John_Leo_Huetter · March 17, 2016, 12:27am

Thanks!

Topic		Views
Ansible playbook command issue not running successful without -K Ansible Project	2	September 28, 2020
Support for sudo with a password in latest git (master branch)! Ansible Project	0	April 13, 2012
Ask for sudo password on-demand/Why does ansible run sudo -k? Ansible Developer	10	January 16, 2014
Totally Stuck... Ansible Project	4	October 2, 2014
Ansible doesn't appear to cache sudo auth for each task in a playbook... is this correct? Ansible Developer	5	May 25, 2014