[Freeipa-devel] [PATCH] 20 Create default disabled sudo bind user
Rob Crittenden
rcritten at redhat.com
Wed Feb 23 18:50:37 UTC 2011
JR Aquino wrote:
> On 2/22/11 7:45 PM, "JR Aquino"<JR.Aquino at citrix.com> wrote:
>
>> This patch addresses ticket #998
>>
>> It adds:
>>
>> * ldif to create a default sudo bind user: dn:
>> uid=sudo,cn=sysaccounts,cn=etc,$SUFFIX
>> * modifications to dsinstance.py to add the ldif
>> * modifications to dsinstance.py to add a call to
>> ipautil.ipa_generate_password() for a random password. It is added to
>> the sub_dict as 'RANDOM_PASSWORD'
>> * addition to the Makefile.am in install/share to account for the new
>> ldif file
>
> Corrections / Additions:
>
> * Correction to dsinstance.py to remove the unnecessary sha1 call and
> library
> * Addition of docstring for the ipa help sudorule to explain usage of the
> sudo binddn
>
We need to make sure we don't log random passwords. Can you add this to
your patch?
--- service.py 2011-02-14 20:18:23.000000000 -0500
+++ /tmp/service.py 2011-02-23 13:49:56.000000000 -0500
@@ -137,6 +137,8 @@
# do not log passwords
if sub_dict.has_key('PASSWORD'):
nologlist = sub_dict['PASSWORD'],
+ if sub_dict.has_key('RANDOM_PASSWORD'):
+ nologlist = sub_dict['RANDOM_PASSWORD'],
if self.dm_password:
[pw_fd, pw_name] = tempfile.mkstemp()
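Review bot: The added assignment `nologlist = sub_dict['RANDOM_PASSWORD'],` overwrites the tuple set two lines above rather than extending it, so when sub_dict contains both PASSWORD and RANDOM_PASSWORD, the PASSWORD value drops out of nologlist and is no longer covered by the "do not log passwords" handling. Suggest accumulating instead, for example `nologlist += (sub_dict['RANDOM_PASSWORD'],)` in the second branch, or building the tuple once by looping over both key names, so every secret substituted into the template is listed.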