IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Don't leak passwords through kdb5_ldap_util command line arguments.

Browse Source 
ticket 1948
This commit is contained in:
Jan Cholasta 2011-10-11 18:44:33 +02:00 committed by Rob Crittenden
parent f2fb6552c9
commit 0d823ddc4e
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ipaserver/install/krbinstance.py
View File

@ -295,11 +295,17 @@ class KrbInstance(service.Service):
def __init_ipa_kdb(self): def __init_ipa_kdb(self):
#populate the directory with the realm structure #populate the directory with the realm structure
args = ["kdb5_util", "create", "-s", "-P", self.master_password, args = ["kdb5_util", "create", "-s",
"-r", self.realm, "-r", self.realm,
"-x", "ipa-setup-override-restrictions"] "-x", "ipa-setup-override-restrictions"]
dialogue = (
# Enter KDC database master key:
self.master_password + '\n',
# Re-enter KDC database master key to verify:
self.master_password + '\n',
)
try: try:
ipautil.run(args, nolog=(self.master_password)) ipautil.run(args, nolog=(self.master_password), stdin=''.join(dialogue))
except ipautil.CalledProcessError, e: except ipautil.CalledProcessError, e:
print "Failed to initialize the realm container" print "Failed to initialize the realm container"