Description of problem: ipa-server-install: ask for certificate pin interactively ipa-server-install requires respective --[service]_pin=<secret> CLI option to be given when --[service]_pkcs12=/path/to/pkcs12 is given. This is bad because the password is visible for quite a long time in process list and in bash history (and god only knows where else). ipa-server-install should move to interactive and password-file methods to provide password instead Version-Release number of selected component (if applicable): freeipa-server-3.2.0-2.fc19.armv7hl How reproducible: always Steps to Reproduce: 1. run ipa-server-install with --http_pkcs12 and/or --dirsrv_pkcs12 and/or --pkinit_pkcs12 options but without respective *pin=<secret> options 2. 3. Actual results: ipa-server-install fails Expected results: ipa-server-install should ask for passwords interactively Additional info:
Good point. We can ask interactively for these options as we do in other cases (admin/DS password). I will file an upstream ticket.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/3717
Fixed upstream: master: 693710784bb303b5c9c5088cfbf60db44f9a6321 Print newline after receiving EOF in installutils.read_password. ab2debd1ea6c9b7cf0f35f48620b2609ff0c570c Ask for PKCS#12 password interactively in ipa-replica-prepare. ea544bee4c2abea63129e395e0b27493d0711c01 Ask for PKCS#12 password interactively in ipa-server-install. ipa-3-2: 38c05850c256db116fae08f85210ef206b1044c4 Print newline after receiving EOF in installutils.read_password. 0b7e1d59a97672bc76e912cd268a94fb669cad65 Ask for PKCS#12 password interactively in ipa-replica-prepare. d130688fae56bc35166f0796e3043450044d24fc Ask for PKCS#12 password interactively in ipa-server-install.
sssd-1.11.0-0.1.beta2.fc19, freeipa-3.3.0-1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/sssd-1.11.0-0.1.beta2.fc19,freeipa-3.3.0-1.fc19
Package sssd-1.11.0-0.1.beta2.fc19, freeipa-3.3.0-1.fc19, slapi-nis-0.47.7-1.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing sssd-1.11.0-0.1.beta2.fc19 freeipa-3.3.0-1.fc19 slapi-nis-0.47.7-1.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-14470/sssd-1.11.0-0.1.beta2.fc19,freeipa-3.3.0-1.fc19,slapi-nis-0.47.7-1.fc19 then log in and leave karma (feedback).
Package freeipa-3.3.0-2.fc19, sssd-1.11.0-0.1.beta2.fc19, slapi-nis-0.47.7-1.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing freeipa-3.3.0-2.fc19 sssd-1.11.0-0.1.beta2.fc19 slapi-nis-0.47.7-1.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-14470/sssd-1.11.0-0.1.beta2.fc19,freeipa-3.3.0-2.fc19,slapi-nis-0.47.7-1.fc19 then log in and leave karma (feedback).
freeipa-3.3.0-2.fc19, sssd-1.11.0-0.1.beta2.fc19, slapi-nis-0.47.7-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.