Another fyi, in confluent commands that may take passwords (e.g. using nodeattrib to set the db), it supports: -Passing through CLI as usual -Passing through environment variable (keeps it out of 'ps' output) -Interactive prompting with double-prompting to confirm value.
I tend to push the password through environment variable for automation and use the interactive for situations that suggest simple echo-off password entry. Of course simple echo-off password entry can be done with 'read -s', but no double-entry confirmation, so a typo is not as easily caught. From: Mark Gurevich <[email protected]> Sent: Thursday, December 19, 2019 8:55 AM To: xCAT Users Mailing list <[email protected]> Subject: [External] Re: [xcat-user] bmcdiscover logs passwords Please open an issue against xcat-core for this. I feel bmcdiscover should redact passwords either passed in or pulled from table. Mark Gurevich Poughkeepsie Development Lab HPC Software Development - xCAT "If we knew what it was we were doing, it would not be called research, would it?" --Albert Einstein [Inactive hide details for Lachlan Musicman ---12/19/2019 08:07:14 AM---On Thu, 19 Dec 2019 at 10:49, Jarrod Johnson <jjohnson2@]Lachlan Musicman ---12/19/2019 08:07:14 AM---On Thu, 19 Dec 2019 at 10:49, Jarrod Johnson <[email protected]<mailto:[email protected]>> wrote: > From: Lachlan Musicman <[email protected]<mailto:[email protected]>> To: xCAT Users Mailing list <[email protected]<mailto:[email protected]>> Date: 12/19/2019 08:07 AM Subject: Re: [xcat-user] [External] bmcdiscover logs passwords ________________________________ On Thu, 19 Dec 2019 at 10:49, Jarrod Johnson <[email protected]<mailto:[email protected]>> wrote: > > On a related note, we did do some redaction in the Lenovo branch: > https://github.com/xcat2/xcat-core/commit/7a06672320d62644fe7e6f695c27f51151820b9f > https://github.com/xcat2/xcat-core/commit/9d318cca7626451f97c691053f9965523e596640 > https://github.com/xcat2/xcat-core/commit/08eeb047255655ca11c14896d1acce8787a17282 Ok, so I'm not the only one that thinks this is unusual. Should I put in an issue against xcat-core: - for the bmcdiscover documentation to note that passwords passed on the command line will be logged (responsible disclosure) or - for bmcdiscover to redact passwords passed on the command line? cheers L. _______________________________________________ xCAT-user mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/xcat-user
_______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
