JR Aquino wrote:
On 2/23/11 11:23 AM, "Simo Sorce"<sso...@redhat.com>  wrote:

On Wed, 23 Feb 2011 13:50:37 -0500
Rob Crittenden<rcrit...@redhat.com>  wrote:

JR Aquino wrote:
On 2/22/11 7:45 PM, "JR Aquino"<jr.aqu...@citrix.com>   wrote:

This patch addresses ticket #998

It adds:

* ldif to create a default sudo bind user:
dn: uid=sudo,cn=sysaccounts,cn=etc,$SUFFIX
* modifications to dsinstance.py to add the ldif
* modifications to dsinstance.py to add a call to
ipautil.ipa_generate_password() for a random password. It is
added to the sub_dict as 'RANDOM_PASSWORD'
* addition to the Makefile.am in install/share to account for the
new ldif file

Corrections / Additions:

* Correction to dsinstance.py to remove the unnecessary sha1 call
and library
* Addition of docstring for the ipa help sudorule to explain usage
of the sudo binddn


We need to make sure we don't log random passwords. Can you add this
to your patch?

--- service.py  2011-02-14 20:18:23.000000000 -0500
+++ /tmp/service.py     2011-02-23 13:49:56.000000000 -0500
@@ -137,6 +137,8 @@
               # do not log passwords
               if sub_dict.has_key('PASSWORD'):
                   nologlist = sub_dict['PASSWORD'],
+            if sub_dict.has_key('RANDOM_PASSWORD'):
+                nologlist = sub_dict['RANDOM_PASSWORD'],
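
Review bot: The added RANDOM_PASSWORD branch assigns nologlist = sub_dict['RANDOM_PASSWORD'], instead of extending the existing value, so when sub_dict carries both keys the PASSWORD value set two lines earlier is dropped from nologlist and is no longer kept out of the log. Start from an empty list and append each secret that is present, so every password key ends up in nologlist. The two added lines are also indented less than the context lines around them; confirm they sit in the same block as the PASSWORD check.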

Should you append to nologlist ?
If I read this right otherwise you'll replace the previous one.

Simo.

New corrections posted for the full patch.

Adding a correction to nologlist to initialize it as a dict rather than a
tuple.  Then correctly appending the various sub_dict objects to the list.
Also corrected 2 trailing whitespace bugs that were present in the
previous patch.

ack, pushed to master.

I just added a bit more info to the commit message.

rob
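
An added example, not part of the thread or of the FreeIPA code base: the overwrite raised in the review next to the accumulate-then-mask approach described in the correction. The function names, the mask string and the sample values are assumptions constructed for illustration.

```python
# Keys from the thread whose values must never reach a log.
SECRET_KEYS = ("PASSWORD", "RANDOM_PASSWORD")
MASK = "XXXXXXXX"  # assumed placeholder, not taken from the project


def nolog_overwrite(sub_dict):
    """Mirrors the quoted hunk: each matching key rebinds nologlist."""
    nologlist = ()
    if "PASSWORD" in sub_dict:
        nologlist = sub_dict["PASSWORD"],
    if "RANDOM_PASSWORD" in sub_dict:
        nologlist = sub_dict["RANDOM_PASSWORD"],  # drops PASSWORD
    return nologlist


def nolog_accumulate(sub_dict):
    """Collect every secret that is present instead of replacing."""
    nologlist = []
    for key in SECRET_KEYS:
        value = sub_dict.get(key)
        # An empty string would match everywhere and mangle the log line.
        if value:
            nologlist.append(value)
    return nologlist


def redact(text, nologlist):
    """Mask secrets in text before it is handed to the logger."""
    # Longest first: if one secret is a prefix of another, masking the
    # short one first would leave the tail of the long one readable.
    for secret in sorted(nologlist, key=len, reverse=True):
        text = text.replace(secret, MASK)
    return text


# Constructed sample input.
SUB_DICT = {
    "PASSWORD": "dm-Secret123",
    "RANDOM_PASSWORD": "Xk9qLm2v",
    "SUFFIX": "dc=example,dc=com",
}
LOG_LINE = "bind -w dm-Secret123; userPassword: Xk9qLm2v"

if __name__ == "__main__":
    print("overwrite: ", redact(LOG_LINE, nolog_overwrite(SUB_DICT)))
    print("accumulate:", redact(LOG_LINE, nolog_accumulate(SUB_DICT)))
```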

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
