[Freeipa-users] can ipa-client-install be updated to call username/password from a file?
Petr Viktorin
pviktori at redhat.com
Wed Oct 1 09:01:24 UTC 2014
On 10/01/2014 10:37 AM, Tamas Papp wrote:
>
> On 10/01/2014 10:19 AM, Les Stott wrote:
>>
>> Hi,
>>
>> I am using freeipa in a rhel6 environment with ipa-3.0.0-37.el6 client.
>>
>> I am working on doing an unattended ipa client installation. I have it
>> working with the following….
>>
>> /usr/sbin/ipa-client-install -p admin -w <admin_password> -U --no-ntp
>>
>> While this works, while it runs, the <admin_password> value is visable
>> in the output of a ps –ef command on the host when installing the ipa
>> client.
>>
>> # ps -ef |grep ipa
>>
>> root 30284 30283 43 03:31 ? 00:00:01 /usr/bin/python -E
>> /usr/sbin/ipa-client-install -p admin -w <plain_text_password> -U --no-ntp
>>
>> This represents a challenge to security, even though its only minor
>> (as in its only there for a minute or so), but its still there and it
>> is the admin password.
>>
>> Can ipa-client-install be updated to include a parameter to retrieve
>> the admin password from a file? i.e.
>>
>
> Try it with '-W < pwfile'.
>
> t
Right, you can just pipe the password to the installer.
More obvious ways to specify passwords for installers are planned for
4.2: https://fedorahosted.org/freeipa/ticket/4040
--
Petr³
More information about the Freeipa-users
mailing list