Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Scrub ldap_default_authtok password in sssd plugin

The file sssd.conf collected by the sssd plugin may contain an
ldap password. Add a postproc() method to replace the string with
blanks.

Signed-off-by: Bryn M. Reeeves <bmr@redhat.com>
  • Loading branch information...
commit fec14d2d9e0114e959d9626ca1457cd578c1d029 1 parent 80e251f
@bmr-cymru bmr-cymru authored
Showing with 9 additions and 1 deletion.
  1. +9 −1 sos/plugins/sssd.py
View
10 sos/plugins/sssd.py
@@ -24,7 +24,15 @@ class Sssd(Plugin):
packages = ('sssd',)
def setup(self):
- self.add_copy_specs(["/etc/sssd", "/var/log/sssd/*"])
+ self.add_copy_specs([
+ "/etc/sssd/sssd.conf",
+ "/var/log/sssd/*"
+ ])
+
+ def postproc(self):
+ self.do_file_sub("/etc/sssd/sssd.conf",
+ r"(\s*ldap_default_authtok\s*=\s*)\S+",
+ r"\1********")
class RedHatSssd(Sssd, RedHatPlugin):
"""sssd-related Diagnostic Information on Red Hat based distributions
Please sign in to comment.
Something went wrong with that request. Please try again.