Hi
It's never a good idea to have a password on the command-line.

Patch 0001- removes the -p/--password option from sss_obfuscate command.
Patch 0002- updated sss_obfuscate man pages accordingly.

--
regards
/shanks
>From 81763a6eb00afbdeeec08c46f5b7db438b23d154 Mon Sep 17 00:00:00 2001 From: Gowrishankar Rajaiyan <g...@redhat.com> Date: Wed, 2 Feb 2011 19:18:10 +0530 Subject: [PATCH 1/2] removing password option functionality --- src/tools/sss_obfuscate | 6 +----- 1 files changed, 1 insertions(+), 5 deletions(-) diff --git a/src/tools/sss_obfuscate b/src/tools/sss_obfuscate index cd91161515b1db62dba3b3f7f0b4db88970a07e0..352a4373d36507b2eacdfa66f633d3b69b56cddd 100644 --- a/src/tools/sss_obfuscate +++ b/src/tools/sss_obfuscate @@ -26,10 +26,6 @@ def parse_options(): dest="filename", default=None, help="Set input file to FILE (default: Use system default, usually /etc/sssd/sssd.conf)", metavar="FILE") - parser.add_option("-p", "--password", - dest="password", default=None, - help="Password to obfuscate.", - metavar="PASSWORD") (options, args) = parser.parse_args() return options, args @@ -40,7 +36,7 @@ def main(): print >> sys.stderr, "Cannot parse options" return 1 - if not options.stdin and not options.password: + if not options.stdin: pprompt = lambda: (getpass.getpass("Enter password: "), getpass.getpass("Re-enter password: ")) p1, p2 = pprompt() while p1 != p2: -- 1.7.2.3
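Review bot: In parse_options(), dropping -p/--password outright means any existing caller that still passes it will now fail with an option-parsing error, and the commit message ("removing password option functionality") does not say why. Please state the reason in the commit message (the password is exposed on the command line) and point callers at the two remaining paths visible here, options.stdin and the getpass prompt.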
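Review bot: In main(), the branch taken when options.stdin is set is not shown in this hunk, and with dest="password" no longer defined any remaining read of options.password there would raise AttributeError. Please confirm that no reference to options.password is left anywhere else in the script.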
>From b7c74b1da9d1a652673f220e877f551167f0d9f4 Mon Sep 17 00:00:00 2001 From: Gowrishankar Rajaiyan <g...@redhat.com> Date: Wed, 2 Feb 2011 19:20:58 +0530 Subject: [PATCH 2/2] updating sss_obfuscate man page accordingly --- src/man/sss_obfuscate.8.xml | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/src/man/sss_obfuscate.8.xml b/src/man/sss_obfuscate.8.xml index 8b6a1727ad99a45fd67600acf879c809dec3f714..d2bc50e1199f5acb9da97ca2666b499f1126e4dd 100644 --- a/src/man/sss_obfuscate.8.xml +++ b/src/man/sss_obfuscate.8.xml @@ -34,8 +34,7 @@ section of the SSSD config file. </para> <para> - The cleartext password can be specified as an argument to the - program, read from standard input or entered interactively. + The cleartext password is read from standard input or entered interactively. The obfuscated password is put into <quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the <quote>ldap_default_authtok_type</quote> parameter is set to -- 1.7.2.3
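Review bot: If the man page's options list has an entry for -p/--password, it is still there after this patch, because the only change (1 insertion, 2 deletions) is to the description paragraph; remove that entry in the same patch so the page does not document an option the tool rejects. The new line is also longer than the lines around it, so rewrapping it would keep the paragraph consistent.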
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel