On 10/01/2014 10:37 AM, Tamas Papp wrote:


On 10/01/2014 10:19 AM, Les Stott wrote:

Hi,

I am using freeipa in a rhel6 environment with ipa-3.0.0-37.el6 client.

I am working on doing an unattended ipa client installation. I have it
working with the following….

/usr/sbin/ipa-client-install -p admin -w <admin_password> -U --no-ntp

While this works, while it runs, the <admin_password> value is visable
in the output of a ps –ef command on the host when installing the ipa
client.

# ps -ef |grep ipa

root     30284 30283 43 03:31 ? 00:00:01 /usr/bin/python -E
/usr/sbin/ipa-client-install -p admin -w <plain_text_password> -U --no-ntp

This represents a challenge to security, even though its only minor
(as in its only there for a minute or so), but its still there and it
is the admin password.

Can  ipa-client-install be updated to include a parameter to retrieve
the admin password from a file? i.e.


Try it with '-W < pwfile'.

t


Right, you can just pipe the password to the installer.

More obvious ways to specify passwords for installers are planned for 4.2: https://fedorahosted.org/freeipa/ticket/4040



--
Petr³

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to