1

I am writing an api call that requires the user id and password of the user. I can get the user id but how to get his password and supply it to a variable? Here is the api command

 curl -u $user:$password http://localhost:7180/api/v1/clusters/Cluster 1/ervices/HIVE/config?view=FULL
Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255
  • In a shell script? http://unix.stackexchange.com/a/78787/128228 shows the noecho-and-read-from-tty method. – thrig Jun 01 '16 at 14:03
  • read -s -p "Enter a password to display to everyone in the curl command: " password -- both flags are an extension to POSIX, so may not be available. Otherwise, see thrig's pointer. – Jeff Schaller Jun 01 '16 at 14:04
  • 1
    If you think that you can get thispassword information from a variable of some sort, just because the user is logged in, you are mistaken. It is NOT cached ir anything like that. If you need the password, you should ask the user in the running of your software, which needs to be input. If you store it somewhere, it is a security violation for any respectable software and should not be done. – MelBurslan Jun 01 '16 at 14:05
  • @MelBurslan, is it possible to read the password from the ssh key? I am working in the Hadoop environment and running the jobs from putty, jenkins and oozie. – Alex Raj Kaliamoorthy Jun 01 '16 at 14:30
  • ssh keys do not contain passwords. They can use a pass-phrase, but even in that case, lookup of this phrase is one way, i.e., you ask user what it is, encrypt it and compare the encrypted hash with what is on the remote server. If you have the encrypted hash, you can not extract pass-phrase from that one, unless you have an immensely powerful computer, likes of a quantum computer. So, the simple answer is NO you can not get the password for a session, without asking it to be input. It is a bad practice but with ssh, you can have blank pass-phrases to prevent asking for it. – MelBurslan Jun 01 '16 at 14:38

1 Answers1

1

If you have the user credentials for a user that has permissions to perform the API, then you could put them into $HOME/.netrc as such:

machine localhost login that-username-here password that-password-here

where the every other word: machine, login, and password are key words to keep intact) and lock down the permissions of the file appropriately (e.g. chmod go= $HOME/.netrc) and use curl's --netrc option:

If used with HTTP, curl will enable user authentication.

curl --netrc "http://localhost:7180/api/v1/clusters/Cluster 1/services/HIVE/config?view=FULL"

I adjusted your curl parameter in two ways:

  1. changed an assumed typo of "ervices" to "services", and
  2. quoted the entire thing, to enable one parameter to the curl command (given the space in the "Cluster 1" name)

If you simply lack the password for a different user, that is a different problem, and is when I would recommend creating a separate account for such API calls (or asking for such an account to be created).

Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255