Bug 1013393 - [RFE]: Secure password handling for katello cmdline tool
[RFE]: Secure password handling for katello cmdline tool
Status: CLOSED DUPLICATE of bug 958115
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Hammer (Show other bugs)
Nightly
Unspecified Unspecified
unspecified Severity unspecified (vote)
: Unspecified
: --
Assigned To: Adam Price
Katello QA List
: FutureFeature, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-29 18:16 EDT by Magnus Glantz
Modified: 2014-03-18 14:20 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-03-18 14:11:02 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Magnus Glantz 2013-09-29 18:16:09 EDT
Description of problem:
You need to provide a password unto the cmdline when using the katello cmdline tool eg:
# katello -u user -p cleartextpassword org list

Not providing the password should query for it in a secure manner, so you don't end up with passwords in .bash_history and other places.

Version-Release number of selected component (if applicable):
1.4.8-1.git.4.c940d43.el6

How reproducible:
N/A

Steps to Reproduce:
N/A

Actual results:
The katello cmdline tool requires you to pass your password in cleartext at least once when using it.

Expected results:
There should be a query for my user and/or password, if they are missing.

# katello org list
Enter username: myuser
Enter password:
---------------------------
                                                                                                             Organization List

ID Name             Label            Description                   
---------------------------
1  ACME_Corporation ACME_Corporation ACME_Corporation Organization 
#

# katello -u myuser org list
Enter password:
---------------------------
                                                                                                             Organization List

ID Name             Label            Description                   
---------------------------
1  ACME_Corporation ACME_Corporation ACME_Corporation Organization 
#

Additional info:
Not fixed, this is a fairly serious security risk.
Comment 1 Mike McCune 2013-10-10 13:52:34 EDT
moving to our downstream product to include this.  Our CLI is undergoing a lot of work and this may be included
Comment 4 Mike McCune 2014-03-18 14:11:02 EDT

*** This bug has been marked as a duplicate of bug 958115 ***

Note You need to log in before you can comment on or make changes to this bug.