URL: https://github.com/freeipa/freeipa/pull/658 Author: Akasurde Title: #658: Hide PKI Client database password in log file Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/658/head:pr658 git checkout pr658
From be5facf623a02a8efe41a9ae238975caa47352f9 Mon Sep 17 00:00:00 2001
From: Abhijeet Kasurde <akasu...@redhat.com>
Date: Mon, 27 Mar 2017 16:06:09 +0530
Subject: [PATCH] Hide PKI Client database password in log file
Signed-off-by: Abhijeet Kasurde <akasu...@redhat.com>
---
 ipaserver/install/cainstance.py | 4 +++-
 ipaserver/install/krainstance.py | 8 +++++---
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index f0d3c23..2fc3741 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -613,7 +613,9 @@ def __spawn_instance(self):
 try:
 DogtagInstance.spawn_instance(
 self, cfg_file,
- nolog_list=(self.dm_password, self.admin_password)
+ nolog_list=(self.dm_password,
+ self.admin_password,
+ self.tmp_agent_pwd)
 )
 finally:
 os.remove(cfg_file)
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index b41ccb6..739cd25 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -150,6 +150,7 @@ def __spawn_instance(self):
 os.chown(cfg_file, pent.pw_uid, pent.pw_gid)
 self.tmp_agent_db = tempfile.mkdtemp(
 prefix="tmp-", dir=paths.VAR_LIB_IPA)
+ self.tmp_agent_pwd = ipautil.ipa_generate_password()
 # Create KRA configuration
 config = ConfigParser()
@@ -173,8 +174,7 @@ def __spawn_instance(self):
 # Client security database
 config.set("KRA", "pki_client_database_dir", self.tmp_agent_db)
- config.set("KRA", "pki_client_database_password",
- ipautil.ipa_generate_password())
+ config.set("KRA", "pki_client_database_password", self.tmp_agent_pwd)
 config.set("KRA", "pki_client_database_purge", "True")
 config.set("KRA", "pki_client_pkcs12_password", self.admin_password)
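Review bot: `self.tmp_agent_pwd` is read in the new `nolog_list` tuple of the cainstance.py hunk, but unlike krainstance.py this file's diff adds no assignment for it, so the call depends on the attribute already being set earlier in `__spawn_instance`, which starts above the hunk. If some path reaches `spawn_instance` without it (and the class defines no default), the lookup raises AttributeError rather than masking anything, so this is worth confirming against the full method. A short comment above the tuple, such as `# every secret written to cfg_file must also appear in nolog_list`, would help keep the list and the config in step; the same tuple appears again in the last krainstance.py hunk.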
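Review bot: Storing the generated password on `self.tmp_agent_pwd` in the first krainstance.py hunk keeps the secret reachable for as long as the instance object lives, although the hunk headers suggest that all three uses (generation here, `config.set` in the next hunk, `nolog_list` in the last one) sit inside `__spawn_instance`. If nothing outside this method reads it, a local such as `tmp_agent_pwd = ipautil.ipa_generate_password()` would serve both uses with a narrower scope. If the attribute is kept for symmetry with cainstance.py, a comment saying so would make the intent clear, for example `# kept on self only so the value can be passed to nolog_list below`.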
@@ -275,7 +275,9 @@ def __spawn_instance(self):
 try:
 DogtagInstance.spawn_instance(
 self, cfg_file,
- nolog_list=(self.dm_password, self.admin_password)
+ nolog_list=(self.dm_password,
+ self.admin_password,
+ self.tmp_agent_pwd)
 )
 finally:
 os.remove(p12_tmpfile_name)
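Review bot: The `finally` block visible in this hunk removes only `p12_tmpfile_name`, whereas the cainstance.py counterpart removes `cfg_file`, the file that presumably receives the configuration now containing `tmp_agent_pwd` in plain text. The method continues below the hunk, so the `cfg_file` removal may simply follow; if it does, a failure of the first `os.remove` would skip it and leave the configuration on disk. Making the two removals independent, for instance by nesting the p12 removal in its own `try` whose `finally` runs `os.remove(cfg_file)`, would ensure the password-bearing file is cleaned up on every path.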