Bug 1573511
Summary: | Auth MIQLDAP - miqldap_to_sssd conversion scripts puts admin password in sssd.conf file. | ||
---|---|---|---|
Product: | Red Hat CloudForms Management Engine | Reporter: | Matt Pusateri <mpusater> |
Component: | Documentation | Assignee: | Red Hat CloudForms Documentation <cloudforms-docs> |
Status: | CLOSED WONTFIX | QA Contact: | John Dupuy <jdupuy> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 5.9.0 | CC: | abellott, cpelland, jvlcek, kdixon, mshriver, obarenbo, simaishi |
Target Milestone: | GA | ||
Target Release: | cfme-future | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | auth:miqldap:externalauth:security | ||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-12-19 15:46:19 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Matt Pusateri
2018-05-01 14:55:18 UTC
SSSD requires the authtok to be in plain text in the /etc/sssd/sssd.conf file Fromt he SSSD-LDAP(5) man page: ldap_default_authtok (string) The authentication token of the default bind DN. Only clear text passwords are currently supported. There is an optional SSSD package, sssd-tools, that does have some support for some SSSD password obfuscation through the command SSS_OBFUSCATE(8). It is a package we do not ship. I will update the miqldap_to_sssd blog post [1] to include a mention of SSS_OBFUSCATE(8) for users that want to take advantage of it. [1] http://manageiq.org/blog/2017/09/miqldap-to-sssd/ manageiq.org isn't downstream documentation. Changing the component to Documentation so downstream documentation can be reviewed and updated as needed. (In reply to Satoe Imaishi from comment #5) > manageiq.org isn't downstream documentation. Changing the component to > Documentation so downstream documentation can be reviewed and updated as > needed. At the moment the only place the miqldap_to_sssd conversion script is documented is in the manageiq.org blog post. |