Bug 1013393

Summary: [RFE]: Secure password handling for katello cmdline tool
Product: Red Hat Satellite Reporter: Magnus Glantz <sudo>
Component: HammerAssignee: Adam Price <adprice>
Status: CLOSED DUPLICATE QA Contact: Katello QA List <katello-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: NightlyCC: mmccune
Target Milestone: UnspecifiedKeywords: FutureFeature, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-03-18 18:11:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Magnus Glantz 2013-09-29 22:16:09 UTC 
Description of problem:
You need to provide a password unto the cmdline when using the katello cmdline tool eg:
# katello -u user -p cleartextpassword org list

Not providing the password should query for it in a secure manner, so you don't end up with passwords in .bash_history and other places.

Version-Release number of selected component (if applicable):
1.4.8-1.git.4.c940d43.el6

How reproducible:
N/A

Steps to Reproduce:
N/A

Actual results:
The katello cmdline tool requires you to pass your password in cleartext at least once when using it.

Expected results:
There should be a query for my user and/or password, if they are missing.

# katello org list
Enter username: myuser
Enter password:
---------------------------
                                                                                                             Organization List

ID Name             Label            Description                   
---------------------------
1  ACME_Corporation ACME_Corporation ACME_Corporation Organization 
#

# katello -u myuser org list
Enter password:
---------------------------
                                                                                                             Organization List

ID Name             Label            Description                   
---------------------------
1  ACME_Corporation ACME_Corporation ACME_Corporation Organization 
#

Additional info:
Not fixed, this is a fairly serious security risk.
Comment 1 Mike McCune 2013-10-10 17:52:34 UTC 
moving to our downstream product to include this.  Our CLI is undergoing a lot of work and this may be included
Comment 4 Mike McCune 2014-03-18 18:11:02 UTC 

*** This bug has been marked as a duplicate of bug 958115 ***