I am using freeipa in a rhel6 environment with ipa-3.0.0-37.el6 client.

I am working on doing an unattended ipa client installation. I have it working 
with the following....

/usr/sbin/ipa-client-install -p admin -w <admin_password> -U --no-ntp

While this works, while it runs, the <admin_password> value is visable in the 
output of a ps -ef command on the host when installing the ipa client.

# ps -ef |grep ipa
root     30284 30283 43 03:31 ?        00:00:01 /usr/bin/python -E 
/usr/sbin/ipa-client-install -p admin -w <plain_text_password> -U --no-ntp

This represents a challenge to security, even though its only minor (as in its 
only there for a minute or so), but its still there and it is the admin 

Can  ipa-client-install be updated to include a parameter to retrieve the admin 
password from a file? i.e.

/usr/bin/python -E /usr/sbin/ipa-client-install -p admin -from-file 
/tmp/credentials -U --no-ntp

That would then protect the admin password.

I am not familiar with python coding.

Thanks in advance,

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to