JR Aquino wrote:
On 2/22/11 7:45 PM, "JR Aquino"<jr.aqu...@citrix.com>  wrote:

This patch addressees ticket #998

It adds:

* ldif to create a default sudo bind user: dn:
* modifications to dsinstance.py to add the ldif
* modifications to dsinstance.py to add a call to
ipautil.ipa_generate_password() for an random password. It is added to
the sub_dict as 'RANDOM_PASSWORD'
* addition to the Makefile.am in install/share to account for the new
ldif file

Corrections / Additions:

* Correction to dsinstance.py to remove the unnecessary sha1 call and
* Addition of docstring for the ipa help sudorule to explain usage of the
sudo binddn

We need to make sure we don't log random passwords. Can you add this to your patch?

--- service.py  2011-02-14 20:18:23.000000000 -0500
+++ /tmp/service.py     2011-02-23 13:49:56.000000000 -0500
@@ -137,6 +137,8 @@
             # do not log passwords
             if sub_dict.has_key('PASSWORD'):
                 nologlist = sub_dict['PASSWORD'],
+            if sub_dict.has_key('RANDOM_PASSWORD'):
+                nologlist = sub_dict['RANDOM_PASSWORD'],

         if self.dm_password:
             [pw_fd, pw_name] = tempfile.mkstemp()

Freeipa-devel mailing list

Reply via email to