Bug 446865 - ipa-server-install will log passwords to log files
Status: CLOSED ERRATA
Product: freeIPA
Classification: Community
Component: ipa-server
Version: 1.0
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Rob Crittenden
QA Contact: Chandrasekar Kannan
Blocks: 429034
Reported: 2008-05-16 10:48 EDT by Martin Nagy
Modified: 2016-07-26 19:46 EDT
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Last Closed: 2012-03-27 03:16:57 EDT

Attachments:
Don't pass the DM password on the command-line, use a file (2.76 KB, patch)
2008-05-19 14:29 EDT, Rob Crittenden

Description Martin Nagy 2008-05-16 10:48:17 EDT
Description of problem:
If ipa-server-install fails for some reason, it may result
in passwords being logged to the installation log file.

Version-Release number of selected component (if applicable):
Latest git version: 6119f83799a70738170e19f3e2d833fdf4ecbc86

How reproducible:
Use ipa-server-install and make sure it fails.

Actual results:
2008-05-12 15:18:11,503 CRITICAL Failed to load bootstrap-template.ldif: Command
'/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w aaaaaaaa -f
/tmp/tmpn3QE-F' returned non-zero exit status 32

Expected results:
2008-05-12 15:18:11,503 CRITICAL Failed to load bootstrap-template.ldif: Command
'/usr/bin/ldapmodify -h 127.0.0.1 -xv -D cn=Directory Manager -w hidden -f
/tmp/tmpn3QE-F' returned non-zero exit status 32

Additional info:
Comment 1 Rob Crittenden 2008-05-19 14:29:45 EDT
Created attachment 305990 [details]
Don't pass the DM password on the command-line, use a file
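
The approach named in the attachment title, sketched as an added example (this is not the attached patch or FreeIPA's code): the bind password goes into a mode-0600 temporary file and ldapmodify reads it with -y, so an error message that quotes the failed command contains only a path. It assumes OpenLDAP's ldapmodify, whose -y option takes a password file; the function names and the sample password are hypothetical.

```python
import os
import subprocess
import tempfile


def write_password_file(password):
    """Write the bind password to a private temp file and return its path."""
    fd, path = tempfile.mkstemp(prefix="dmpw-")  # mkstemp creates the file mode 0600
    with os.fdopen(fd, "w") as f:
        f.write(password)  # no trailing newline: -y uses the whole file as the password
    return path


def build_argv(bind_dn, pw_path, ldif_path, host="127.0.0.1"):
    """Same flags as the logged command on this page, with -w <password> swapped for -y <file>."""
    return ["/usr/bin/ldapmodify", "-h", host, "-xv",
            "-D", bind_dn, "-y", pw_path, "-f", ldif_path]


def ldap_mod(bind_dn, password, ldif_path, run=subprocess.call):
    """Run ldapmodify; on failure raise an error that quotes the full command line.

    `run` is injectable so the behaviour can be exercised without an LDAP server.
    """
    pw_path = write_password_file(password)
    try:
        argv = build_argv(bind_dn, pw_path, ldif_path)
        rc = run(argv)
        if rc != 0:
            # The message format mirrors the CRITICAL line in the report. It is
            # safe to log because argv carries a path, not the secret.
            raise RuntimeError("Command '%s' returned non-zero exit status %d"
                               % (" ".join(argv), rc))
    finally:
        os.remove(pw_path)  # the secret does not outlive the call


if __name__ == "__main__":
    def fake_ldapmodify(argv):  # constructed stand-in that always fails like the report
        return 32
    try:
        ldap_mod("cn=Directory Manager", "DM-pass-constructed",
                 "/tmp/constructed.ldif", run=fake_ldapmodify)
    except RuntimeError as err:
        print(err)
```
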
Comment 2 Rob Crittenden 2008-05-19 17:08:56 EDT
ipa-1-0: 649dcf6c445d99f13151eef4c518635e03d496a5
master: 6c87f831806af51539824244d684c2431b8e7af7
Comment 3 Yi Zhang 2008-05-22 18:33:33 EDT
QA Verified on May 22, 2008 (Yi)

Build used: May 22, 2008 (x64)

test run:
1. yum install ipa-server
2. change the file /usr/share/ipa/bootstrap-template.ldif to a different file
3. ipa-server-install

--- result: the install failed, but there is no password logged, test passed
2008-05-22 15:20:27,956 INFO
2008-05-22 15:20:27,957 DEBUG   [12/16]: adding default layout
2008-05-22 15:20:27,962 DEBUG [Errno 2] No such file or directory:
'/usr/share/ipa/bootstrap-template.ldif'
  File "/usr/sbin/ipa-server-install", line 556, in ?
    main()

  File "/usr/sbin/ipa-server-install", line 482, in main
    ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password)

  File "/usr/lib/python2.4/site-packages/ipaserver/dsinstance.py", line 182, in
create_instance
    self.start_creation("Configuring directory server:")

  File "/usr/lib/python2.4/site-packages/ipaserver/service.py", line 139, in
start_creation
    method()

  File "/usr/lib/python2.4/site-packages/ipaserver/dsinstance.py", line 359, in
__add_default_layout
    self.__ldap_mod("bootstrap-template.ldif", self.sub_dict)

  File "/usr/lib/python2.4/site-packages/ipaserver/dsinstance.py", line 279, in
__ldap_mod
    txt = ipautil.template_file(path, sub_dict)

