[Freeipa-devel] [PATCH] Don't pass the DM password on the command-line
Simo Sorce
ssorce at redhat.com
Mon May 19 19:42:51 UTC 2008
On Mon, 2008-05-19 at 14:29 -0400, Rob Crittenden wrote:
> We used the -w flag when calling ldapmodify so were passing the DM
> password on the command-line. This meant that if something went wrong
> the DM password got logged.
>
> Use the -y flag instead which takes a file. I'm using mkstemp() to
> create that file and a try/finally to be sure it is always removed, even
> if an error is thrown.
I'll ack if you add an extra chmod 400 for safety before you write the
password.
Thanks for fixing this.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
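
The approach discussed in this thread, as an added example that is not the patch under review or FreeIPA's own code: the password goes into a mkstemp() file that is set to mode 0400 before the write, the command receives it through -y, and a try/finally removes the file. The function name, the stand-in child process used in place of ldapmodify, and the sample password are assumptions constructed for illustration.

```python
import os
import stat
import subprocess
import sys
import tempfile

# Stand-in for ldapmodify (assumption, so the example runs offline): a child
# process that reports the mode and contents of the file named after -y.
STAND_IN = [sys.executable, "-c",
            "import os, sys; p = sys.argv[sys.argv.index('-y') + 1]; "
            "print(oct(os.stat(p).st_mode & 0o777), open(p).read())"]


def run_with_password_file(argv_prefix, password, runner=subprocess.run):
    """Run argv_prefix + ['-y', FILE]; the password never appears in argv.

    Returns (argv, result) so a caller can log argv without leaking the secret.
    """
    # mkstemp() creates the file with O_EXCL and mode 0600, owned by us.
    fd, path = tempfile.mkstemp(prefix="dmpw-")
    try:
        try:
            # Tighten to 0400 before the secret is written. The descriptor is
            # already open for writing, so the write below still succeeds.
            os.fchmod(fd, stat.S_IRUSR)
            # No trailing newline: -y uses the complete file contents.
            os.write(fd, password.encode("utf-8"))
        finally:
            os.close(fd)
        argv = list(argv_prefix) + ["-y", path]
        return argv, runner(argv, capture_output=True, text=True)
    finally:
        # Runs on success and on any exception, so the file never lingers.
        os.remove(path)


if __name__ == "__main__":
    argv, result = run_with_password_file(STAND_IN, "constructed-password")
    print("logged argv:", argv)
    print("child saw:", result.stdout.strip())
    print("file removed:", not os.path.exists(argv[-1]))
```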