Re: [Freeipa-devel] [PATCH] 20 Create default disabled sudo bind user

2011-02-23 Thread JR Aquino
On 2/22/11 7:45 PM, JR Aquino jr.aqu...@citrix.com wrote:

This patch addresses ticket #998

It adds:

* ldif to create a default sudo bind user: dn:
uid=sudo,cn=sysaccounts,cn=etc,$SUFFIX
* modifications to dsinstance.py to add the ldif
* modifications to dsinstance.py to add a call to
ipautil.ipa_generate_password() for a random password. It is added to
the sub_dict as 'RANDOM_PASSWORD'
* addition to the Makefile.am in install/share to account for the new
ldif file

Corrections / Additions:

* Correction to dsinstance.py to remove the unnecessary sha1 call and
library
* Addition of docstring for the ipa help sudorule to explain usage of the
sudo binddn



freeipa-jraquino-0020-Create-default-disabled-sudo-bind-user.patch
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 20 Create default disabled sudo bind user

2011-02-23 Thread JR Aquino
On 2/23/11 11:23 AM, Simo Sorce sso...@redhat.com wrote:

On Wed, 23 Feb 2011 13:50:37 -0500
Rob Crittenden rcrit...@redhat.com wrote:

 JR Aquino wrote:
  On 2/22/11 7:45 PM, JR Aquino jr.aqu...@citrix.com wrote:
 
  This patch addresses ticket #998
 
  It adds:
 
  * ldif to create a default sudo bind user: dn:
  uid=sudo,cn=sysaccounts,cn=etc,$SUFFIX
  * modifications to dsinstance.py to add the ldif
  * modifications to dsinstance.py to add a call to
  ipautil.ipa_generate_password() for a random password. It is
  added to the sub_dict as 'RANDOM_PASSWORD'
  * addition to the Makefile.am in install/share to account for the
  new ldif file
 
  Corrections / Additions:
 
  * Correction to dsinstance.py to remove the unnecessary sha1 call
  and library
  * Addition of docstring for the ipa help sudorule to explain usage
  of the sudo binddn
 
 
 We need to make sure we don't log random passwords. Can you add this
 to your patch?
 
 --- service.py  2011-02-14 20:18:23.0 -0500
 +++ /tmp/service.py 2011-02-23 13:49:56.0 -0500
 @@ -137,6 +137,8 @@
   # do not log passwords
   if sub_dict.has_key('PASSWORD'):
   nologlist = sub_dict['PASSWORD'],
 +if sub_dict.has_key('RANDOM_PASSWORD'):
 +nologlist = sub_dict['RANDOM_PASSWORD'],
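Review bot: the added `nologlist = sub_dict['RANDOM_PASSWORD'],` rebinds nologlist rather than extending it, so when sub_dict carries both PASSWORD and RANDOM_PASSWORD only the random password stays on the no-log list and the PASSWORD value is no longer covered by the `# do not log passwords` check. Build one collection instead: start from an empty list and append each of the two values that is present, so the order of the checks stops mattering.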

Should you append to nologlist ?
If I read this right otherwise you'll replace the previous one.

Simo.

New corrections posted for the full patch.

Adding a correction to nologlist to initialize it as a dict rather than a
tuple.  Then correctly appending the various sub_dict objects to the list.
Also corrected 2 trailing whitespace bugs that were present in the
previous patch.



freeipa-jraquino-0020-Create-default-disabled-sudo-bind-user.patch
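The nologlist point discussed in this thread, as an added example that is not code from the patch or from FreeIPA: it contrasts the overwriting assignment in the quoted hunk with an accumulating list and shows which secret survives into the loggable text. It assumes nologlist holds the values masked before template-substituted text is logged; the function names, the mask, the second entry and all sample values are constructed for illustration.

```python
from string import Template

MASK = "XXXXXXXX"
SECRET_KEYS = ("PASSWORD", "RANDOM_PASSWORD")  # the two keys named in the thread

# Constructed sample data; only the sudo DN comes from the thread.
SAMPLE_TEMPLATE = (
    "dn: uid=sudo,cn=sysaccounts,cn=etc,$SUFFIX\n"
    "userPassword: $RANDOM_PASSWORD\n"
    "dn: uid=example,cn=sysaccounts,cn=etc,$SUFFIX\n"
    "userPassword: $PASSWORD\n"
)
SAMPLE_SUB_DICT = {
    "SUFFIX": "dc=example,dc=test",
    "PASSWORD": "Secret123",
    "RANDOM_PASSWORD": "Secret123-rnd9",  # deliberately contains PASSWORD
}

def collect_overwriting(sub_dict):
    """Same shape as the quoted hunk: the second match rebinds nologlist."""
    nologlist = ()
    if "PASSWORD" in sub_dict:
        nologlist = sub_dict["PASSWORD"],
    if "RANDOM_PASSWORD" in sub_dict:
        nologlist = sub_dict["RANDOM_PASSWORD"],
    return list(nologlist)

def collect_appending(sub_dict):
    """Accumulate every secret that is present and non-empty."""
    return [sub_dict[key] for key in SECRET_KEYS if sub_dict.get(key)]

def redact(text, nologlist):
    """Mask secrets longest first, so a secret containing a shorter one
    is replaced whole instead of leaving its tail behind."""
    for secret in sorted(set(nologlist), key=len, reverse=True):
        if secret:  # an empty string would match between every character
            text = text.replace(secret, MASK)
    return text

def loggable(sub_dict, collect):
    """Render the template, then mask what the collector marked as secret."""
    rendered = Template(SAMPLE_TEMPLATE).substitute(sub_dict)
    return redact(rendered, collect(sub_dict))

if __name__ == "__main__":
    print(loggable(SAMPLE_SUB_DICT, collect_overwriting))  # PASSWORD leaks
    print(loggable(SAMPLE_SUB_DICT, collect_appending))    # both masked
```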