mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
48a3f4af46
The host password was defined as a Str type so would be logged in cleartext in the Apache log. A new class, HostPassword, was defined to only override safe_value() so it always returns an obfuscated value. The Password class cannot be used because it has special treatment in the frontend to manage prompting and specifically doesn't allow a value to be passed into it. This breaks backwards compatibility with older clients. Since this class is derived from Str old clients treat it as a plain string value. This also removes the search option from passwords. https://pagure.io/freeipa/issue/8017 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>