[Backport][ipa-4-6] Don't log host passwords when they are set/modified #3687

Closed
wants to merge 1 commit into from

rcritten
This PR was opened automatically because PR #3677 was pushed to master and backport to ipa-4-6 is required.

The host password was defined as a Str type so would be
logged in cleartext in the Apache log.

A new class, HostPassword, was defined to only override
safe_value() so it always returns an obfuscated value.

The Password class cannot be used because it has special treatment
in the frontend to manage prompting and specifically doesn't
allow a value to be passed into it. This breaks backwards
compatibility with older clients. Since this class is derived
from Str old clients treat it as a plain string value.

This also removes the search option from passwords.

https://pagure.io/freeipa/issue/8017

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
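
The approach described in the commit message above, as an added example that is not part of this PR or of FreeIPA's code. `Str`, `HostPassword` and `log_line` here are simplified stand-ins, and the command name, option names and values are constructed samples. It shows a `safe_value()` override keeping the password out of the log line while the type remains a `Str` subclass.

```python
MASK = "********"


class Str:
    """Simplified stand-in for a plain string parameter type."""

    def __init__(self, name):
        self.name = name

    def safe_value(self, value):
        # A plain string is treated as safe to log verbatim.
        return value


class HostPassword(Str):
    """Still a Str to callers, but its value never reaches the logger."""

    def safe_value(self, value):
        # Always obfuscate, whatever the value is.
        return MASK


def log_line(command, params, options):
    """Build the log entry for a call using only safe_value() output."""
    by_name = {p.name: p for p in params}
    parts = []
    for key in sorted(options):
        param = by_name.get(key)
        # Assumption of this sketch: undeclared options are masked, not logged raw.
        shown = param.safe_value(options[key]) if param else MASK
        parts.append(f"{key}={shown!r}")
    return f"{command}({', '.join(parts)})"


# Constructed sample call: a host modification that sets a password.
OPTIONS = {"fqdn": "web1.example.test", "userpassword": "Secret123"}
BEFORE = [Str("fqdn"), Str("userpassword")]          # password declared as Str
AFTER = [Str("fqdn"), HostPassword("userpassword")]  # password declared as HostPassword

if __name__ == "__main__":
    print(log_line("host_mod", BEFORE, OPTIONS))  # cleartext password in the log
    print(log_line("host_mod", AFTER, OPTIONS))   # password obfuscated
```
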
@rcritten
PR was ACKed automatically because this is backport of PR #3677. Wait for CI to finish before pushing. In case of questions or problems contact @rcritten who is author of the original PR.

rcritten added the "ack" (Pull Request approved, can be merged) and "pushed" (Pull Request has already been pushed) labels on Sep 19, 2019
@rcritten
ipa-4-6:

  • 86529f5 Don't log host passwords when they are set/modified

rcritten closed this on Sep 19, 2019