JR Aquino wrote:
On 2/22/11 7:45 PM, "JR Aquino"<jr.aqu...@citrix.com>  wrote:

This patch addresses ticket #998

It adds:

* ldif to create a default sudo bind user: dn:
uid=sudo,cn=sysaccounts,cn=etc,$SUFFIX
* modifications to dsinstance.py to add the ldif
* modifications to dsinstance.py to add a call to
ipautil.ipa_generate_password() for a random password. It is added to
the sub_dict as 'RANDOM_PASSWORD'
* addition to the Makefile.am in install/share to account for the new
ldif file

Corrections / Additions:

* Correction to dsinstance.py to remove the unnecessary sha1 call and
library
* Addition of docstring for the ipa help sudorule to explain usage of the
sudo binddn


We need to make sure we don't log random passwords. Can you add this to your patch?

--- service.py  2011-02-14 20:18:23.000000000 -0500
+++ /tmp/service.py     2011-02-23 13:49:56.000000000 -0500
@@ -137,6 +137,8 @@
             # do not log passwords
             if sub_dict.has_key('PASSWORD'):
                 nologlist = sub_dict['PASSWORD'],
+            if sub_dict.has_key('RANDOM_PASSWORD'):
+                nologlist = sub_dict['RANDOM_PASSWORD'],

         if self.dm_password:
             [pw_fd, pw_name] = tempfile.mkstemp()
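
Review bot: the added `nologlist = sub_dict['RANDOM_PASSWORD'],` assigns rather than extends, so when sub_dict carries both 'PASSWORD' and 'RANDOM_PASSWORD' the tuple set two lines earlier is replaced and the 'PASSWORD' value is no longer in the no-log list. Accumulate instead, for example `nologlist += (sub_dict['RANDOM_PASSWORD'],)` in both branches, with nologlist starting as an empty tuple (its initial value is not visible in this hunk). The trailing-comma tuple form is also easy to misread as a plain assignment; explicit parentheses would make the intent clearer.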

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
