JR Aquino wrote:
On 2/22/11 7:45 PM, "JR Aquino"<[email protected]> wrote:
This patch addressees ticket #998
It adds:
* ldif to create a default sudo bind user: dn:
uid=sudo,cn=sysaccounts,cn=etc,$SUFFIX
* modifications to dsinstance.py to add the ldif
* modifications to dsinstance.py to add a call to
ipautil.ipa_generate_password() for an random password. It is added to
the sub_dict as 'RANDOM_PASSWORD'
* addition to the Makefile.am in install/share to account for the new
ldif file
Corrections / Additions:
* Correction to dsinstance.py to remove the unnecessary sha1 call and
library
* Addition of docstring for the ipa help sudorule to explain usage of the
sudo binddn
We need to make sure we don't log random passwords. Can you add this to
your patch?
--- service.py 2011-02-14 20:18:23.000000000 -0500
+++ /tmp/service.py 2011-02-23 13:49:56.000000000 -0500
@@ -137,6 +137,8 @@
# do not log passwords
if sub_dict.has_key('PASSWORD'):
nologlist = sub_dict['PASSWORD'],
+ if sub_dict.has_key('RANDOM_PASSWORD'):
+ nologlist = sub_dict['RANDOM_PASSWORD'],
if self.dm_password:
[pw_fd, pw_name] = tempfile.mkstemp()
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
