Bug 1374439 - ds_removal and ds_unregister should support prompting for password
Summary: ds_removal and ds_unregister should support prompting for password
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: Admin
Version: 10.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: DS10.1
: ---
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-08 16:20 UTC by Viktor Ashirov
Modified: 2020-09-13 21:50 UTC (History)
1 user (show)

Fixed In Version: 389-admin-1.1.45-1.el7dsrv
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-07 15:40:07 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github 389ds 389-ds-base issues 2047 0 None None None 2020-09-13 21:50:52 UTC
Red Hat Product Errata RHBA-2016:2665 0 normal SHIPPED_LIVE Red Hat Directory Server bug fix and enhancement update 2016-11-07 20:38:00 UTC

Description Viktor Ashirov 2016-09-08 16:20:24 UTC
Description of problem:

ds_removal and ds_unregister take password only from command line:
Usage: /usr/sbin/ds_removal [-f] -s server_id -w admin_password

Admin password can be saved to shell history or can be seen in the process list. 
We should avoid that.

Version-Release number of selected component (if applicable):
389-admin-1.1.44-1.el7dsrv.x86_64.rpm

Comment 2 Viktor Ashirov 2016-09-29 19:12:55 UTC
Build tested:
389-admin-1.1.45-1.el7dsrv.x86_64

Usage info and man page show new option:

[root@rhel7ds ~]# ds_removal 
Error: Directory Server identifier is missing. Administration user password is missing.
Usage: /usr/sbin/ds_removal [-f] -s server_id -w admin_password | -w -
       server_id: Directory server identifier; slapd-<server_id>
       admin_password: Administration user password
       -f - force - optional - ignore errors and force removal of as much as possible

[root@rhel7ds ~]# man ds_removal
...
       -w password
              Required - password - the password for the console admin user.  If password is '-', prompt for the password.
...

[root@rhel7ds ~]# ds_removal -s rhel7ds-2 -w -
Enter Admin Password: 
[root@rhel7ds ~]# echo $?
0

The same goes for ds_unregister.

Marking as VERIFIED.

Comment 4 errata-xmlrpc 2016-11-07 15:40:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2665.html


Note You need to log in before you can comment on or make changes to this bug.