

7.4 Autologin

After connecting to a remote server, dico checks if the server supports authentication and attempts to authenticate itself if so. To do this dico needs a set of parameters called user credentials. The exact set of credentials depends on the authentication mechanism being used, with user name and password being the two most important ones.

The user credentials can be supplied from the following sources:

  1. Command line options --user and --password.
  2. A URL given as a command line argument (see user).
  3. Autologin files.

These three sources are consulted in that order, i.e., a user name supplied with the --user command line option takes precedence over the one found in an URL and over any names supplied by autologin files.

If, after consulting all these sources, the user name is established but the password is not, the resulting action depends on whether the standard input is connected to a terminal. If it is, dico will ask the user to supply a password. If it is not, authentication is aborted and the connection to the server is closed.

Some authentication mechanisms require additional credentials. For example, GSSAPI authentication requires a service name. These credentials can be supplied only in an autologin file.

An autologin file is a plaintext file that contains authentication information for various DICT servers. At most two autologin files are consulted: first the session-specific file, if one is supplied by the autologin command (see autologin) or by the --autologin command line option, then the default file .dicologin in the user’s home directory. The default autologin file is examined only if no matching record was found in the session-specific one.

The autologin file format is similar to that of the .netrc file used by the ftp utility.

Comments are introduced by a pound sign. Anything starting from ‘#’ up to the end of the physical line is ignored.

Empty lines and comments are ignored.

Non-empty lines constitute statements. Tokens in a statement are separated with spaces, tabs, or newlines. A valid statement must begin with one of the following:

machine name

This statement contains parameters for authenticating on machine name.

default

This statement contains parameters for authenticating on any machine, except those explicitly listed in machine statements. There can be at most one default statement in an autologin file. Its exact location does not matter: it will always be matched after all explicit machine statements.

During the lookup, dico searches the autologin file for a machine statement whose name matches the remote server name as given by the --host command line option, the host part of a URL (see DICT URL), or the argument to the open command (see open). If it reaches the end of the file without having found such an entry, it uses the default entry, if available.

Once a matching entry is found, its subsequent tokens are analyzed. The following tokens are recognized:

login name

Supply user name for this server.

password string

Supply a password.

noauth

Do not perform authentication on this machine.

sasl

Enable SASL authentication.

nosasl

Disable SASL authentication.

mechanisms list

Declare acceptable SASL mechanisms. The list argument is a comma-separated list of mechanism names, without intervening whitespace. The mechanisms token may be given multiple times, in which case the corresponding lists are concatenated.

service name

Declare service name, for authentication methods that need it. If this token is omitted, the default service name ‘dico’ is used.

realm name

Declare realm for authentication.

host name

Set host name for this machine. By default, it is determined automatically.

Consider the following autologin entry, for example:

machine a.net login smith password guessme
machine b.net
  sasl
  mechanisms gssapi,digest-md5
  realm example.net
  service dico
  login smith password guessme
default noauth

When connecting to the server ‘a.net’, dico will attempt the usual APOP authentication as user ‘smith’ with password ‘guessme’. When connecting to the machine ‘b.net’, it will use SASL authentication, via either the GSSAPI or the DIGEST-MD5 mechanism, with realm name ‘example.net’, service name ‘dico’ and the same user name and password as for ‘a.net’.

Authentication is suppressed if the --noauth option was given on the command line, or if a matching entry containing the noauth keyword was found in one of the autologin files.
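
The file format and lookup rules described above, as an added Python example (not code from dico or its manual): it parses autologin text, resolves the entry for a server, and reports which entries store a plaintext password and whether the file mode lets other accounts read them. Assumptions: the function names are hypothetical, tokens are not quoted, unknown tokens are errors, the first of two duplicate machine statements wins, and the permission check is an addition that dico is not claimed to perform.

```python
FLAGS = {"noauth": ("noauth", True), "sasl": ("sasl", True), "nosasl": ("sasl", False)}
VALUED = {"login", "password", "mechanisms", "service", "realm", "host"}

def new_entry():  # 'dico' is the documented default service name
    return {"login": None, "password": None, "noauth": False, "sasl": None,
            "mechanisms": [], "service": "dico", "realm": None, "host": None}

def parse_autologin(text):
    """Return (machines, default); '#' starts a comment running to end of line."""
    it = (t for line in text.splitlines() for t in line.split("#", 1)[0].split())
    machines, default, entry = {}, None, None
    try:
        for tok in it:
            if tok == "machine":
                entry = new_entry()
                machines.setdefault(next(it), entry)  # assumption: first duplicate wins
            elif tok == "default":
                if default is not None:
                    raise ValueError("more than one default statement")
                entry = default = new_entry()
            elif entry is None or tok not in FLAGS.keys() | VALUED:
                raise ValueError(f"unexpected token {tok!r}")
            elif tok in FLAGS:
                entry.update([FLAGS[tok]])
            elif tok == "mechanisms":
                entry["mechanisms"] += next(it).split(",")  # repeated lists concatenate
            else:
                entry[tok] = next(it)
    except StopIteration:
        raise ValueError("last token is missing its argument") from None
    return machines, default

def lookup(machines, default, server):
    return machines.get(server, default)  # default applies only when nothing matches

def audit(text, mode):  # added check, not dico behaviour
    machines, default = parse_autologin(text)
    entries = {**machines, "(default)": default or new_entry()}
    hits = [f"{n}: plaintext password" for n, e in entries.items() if e["password"]]
    if hits and mode & 0o077:
        hits.append(f"mode {mode:o}: group/others can read stored passwords")
    return hits

SAMPLE = """\
default noauth              # constructed sample; default first, still matched last
machine a.net login smith password guessme
machine b.net sasl mechanisms gssapi realm example.net
  mechanisms digest-md5 login smith password guessme
"""
print(*audit(SAMPLE, 0o644), sep="\n")
```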

