[Puppet-bugs] [Puppet - Bug #1566] No log diffing (encrypted root in log problem)

Thu, 11 Sep 2008 07:03:59 -0700 

Issue #1566 has been updated by mmcgrath.


In my case of passwords (including root) I've got:

class my_user {
    include ruby-shadow-package
       user { 'myUser':
         ensure   => present,
         name     => 'myUser',
         password => '$6$NotRealSalt$NotEncryptedPassword'
   }


When it creates this user the logs show:

Sep 11 13:56:40 app3 puppetd[25643]: 
(//Node[app3]/root_user/User[myUser]/ensure) created

Thats fine, but when I change it I get:

Sep 11 13:57:56 app3 puppetd[26545]: 
(//Node[app3]/root_user/User[root1]/password) password changed 
'$1$OldSalt$OldCryptedPass' to '$6$NotRealSalt$NotEncryptedPassword'

and that stays in the logs which is something blocking us from using that 
feature to manage our root passwords.
----------------------------------------
Bug #1566: No log diffing (encrypted root in log problem)
http://reductivelabs.com/redmine/issues/show/1566

Author: mmcgrath
Status: Needs more information
Priority: Normal
Assigned to: 
Category: transactions
Target version: 
Complexity: Unknown
Affected version: 0.24.4
Keywords: 


Right now some of the root password changing bits shows up in the logs which we 
aren't comfortable with, just that lots of people have access to our logs but 
shouldn't have access to the encrypted root password.

I was wondering if it would be useful to do something like:

logdiff => false

Defaulting to true it would behave exactly as it does now.  If its false though 
the change will still show up in the logs that something changed but won't show 
you explicitly what.  If this is a dupe please close.


----------------------------------------
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://reductivelabs.com/redmine/my/account

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to