Hide Forgot
master: commit 26bc698847b5348033ce3abb225ed24ebce4386d (origin/master, origin/HEAD, gerrit/master, master) Author: Ade Lee <alee> Date: Tue Jan 9 12:14:23 2018 -0500 Fix masking in the archived deployment.cfg Resolves rhbz#1532759 Change-Id: Ia464852bab792b1629436ddbb963be1479579bc4 10.5: commit 70ef976dfabe2c34ed69ac00c8868b3c7f6d825b (HEAD -> masking_fix_10.5) Author: Ade Lee <alee> Date: Tue Jan 9 12:14:23 2018 -0500 Fix masking in the archived deployment.cfg Cherry-picked from 26bc698847b5348033ce3abb225ed24ebce4386d Resolves rhbz#1532759 Change-Id: Ia464852bab792b1629436ddbb963be1479579bc4
QE Verification: 1. Create instance using a pkispawn deployment file. Make sure to place the passwords in the DEFAULT section. 2. Check the archived deployment file under /etc/sysconfig/pki/tomcat/<instance_name>/<subsystem>/deployment.cfg. Passwords should be masked - and the file should have pkiuser ownership, and not be world readable.
[root@nocp1 ~]# rpm -qi pki-ca Name : pki-ca Version : 10.5.1 Release : 6.el7 Architecture: noarch Install Date: Fri 26 Jan 2018 02:35:32 PM EST Group : System Environment/Daemons Size : 2360651 License : GPLv2 Signature : RSA/SHA256, Tue 23 Jan 2018 10:44:40 PM EST, Key ID 199e2f91fd431d51 Source RPM : pki-core-10.5.1-6.el7.src.rpm Build Date : Tue 23 Jan 2018 10:14:38 PM EST Build Host : ppc-016.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : http://pki.fedoraproject.org/ Summary : Certificate System - Certificate Authority Verifiation steps explained in comment 8
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0925