Bug 445205 - [RFE] Encrypt replica information
[RFE] Encrypt replica information
Product: freeIPA
Classification: Community
Component: ipa-server (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Rob Crittenden
Chandrasekar Kannan
Depends On:
Blocks: 453489
  Show dependency treegraph
Reported: 2008-05-05 10:14 EDT by Simo Sorce
Modified: 2015-01-04 18:32 EST (History)
2 users (show)

See Also:
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-03-27 03:12:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Simo Sorce 2008-05-05 10:14:12 EDT
When we create a replica file we include in it very security sensitive
information. Then we tell the admin to move it to another machine and
use it.
This info is not cleared from the main server, and it may be forgotten
in a tmp directory on the target server.

Given we need to ask for the Directory Manager password to be able to
install the replica I was thinking it could be a good idea to encrypt
the replica information with the same password and decipher the data
only at installation time, making sure we clean up any temporary file.

This also implicitly proves the Directory Manager password is correct
even before trying to connect to the other server catching an error in
that sense very early on.
Comment 1 Rob Crittenden 2008-08-15 13:44:00 EDT
Committed by Simo.

master: 0368d4329ae54d97b6fb5da60580beefa29d07bc

Uses gpg to encrypt and decrypt the file using the DM password.
Comment 2 Jenny Galipeau 2008-12-01 13:55:38 EST
Fix Verified:

Prompted for DM password when creating replica file.  
It is created in /var/lib/ipa and is encrypted.

Note You need to log in before you can comment on or make changes to this bug.