[Freeipa-users] can ipa-client-install be updated to call username/password from a file?
Les Stott
Less at imagine-sw.com
Wed Oct 1 08:19:11 UTC 2014
Hi,
I am using freeipa in a rhel6 environment with ipa-3.0.0-37.el6 client.
I am working on doing an unattended ipa client installation. I have it working with the following:
/usr/sbin/ipa-client-install -p admin -w <admin_password> -U --no-ntp
While this works, while it runs, the <admin_password> value is visible in the output of a ps -ef command on the host when installing the ipa client.
# ps -ef |grep ipa
root 30284 30283 43 03:31 ? 00:00:01 /usr/bin/python -E /usr/sbin/ipa-client-install -p admin -w <plain_text_password> -U --no-ntp
This represents a challenge to security, even though it's only minor (as in it's only there for a minute or so), but it's still there and it is the admin password.
Can ipa-client-install be updated to include a parameter to retrieve the admin password from a file? i.e.
/usr/bin/python -E /usr/sbin/ipa-client-install -p admin -from-file /tmp/credentials -U --no-ntp
That would then protect the admin password.
I am not familiar with python coding.
Thanks in advance,
Les
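
The exposure described in the message above, as an added example that is not part of the original post or of FreeIPA: on Linux the arguments of a running process can be read from /proc/<pid>/cmdline, which is where ps gets them, while a secret handed over on standard input or in a file readable only by its owner does not appear there. The `worker` stand-in process, the sample secret and all function names are constructed for illustration, and the script assumes nothing about ipa-client-install options beyond those shown in the post.

```shell
#!/bin/sh
# Added illustration; needs Linux /proc. "worker" (sh + sleep) stands in for a
# long-running installer, and SECRET is a constructed sample value.
SECRET='Constructed-Sample-Pw-123'

# Return 0 if string $2 appears in the argument vector of process $1.
# /proc/<pid>/cmdline is NUL-separated and is the source of what ps prints.
argv_contains() {
    tr '\0' ' ' < "/proc/$1/cmdline" | grep -qF -- "$2"
}

# Pattern from the post: the secret is an argument, so it sits in argv.
start_with_argv() {
    sh -c 'sleep 3; :' worker -p admin -w "$SECRET" >/dev/null 2>&1 &
    echo $!
}

# Secret on standard input: printf is a shell builtin, so no process ever
# carries the secret in its argument vector.
start_with_stdin() {
    printf '%s\n' "$SECRET" |
        sh -c 'read -r pw; sleep 3; :' worker -p admin >/dev/null 2>&1 &
    echo $!
}

# Secret in a 0600 file: only the file path appears in argv.
start_with_file() {
    f=$(mktemp) && chmod 600 "$f" && printf '%s\n' "$SECRET" > "$f"
    sh -c 'read -r pw < "$3"; rm -f "$3"; sleep 3; :' worker -p admin "$f" \
        >/dev/null 2>&1 &
    echo $!
}

# Run launcher $1, then return 0 if the secret is readable from its argv.
leaks() {
    pid=$("$1")
    sleep 1                      # give the child time to exec
    if argv_contains "$pid" "$SECRET"; then rc=0; else rc=1; fi
    kill "$pid" 2>/dev/null || true
    return "$rc"
}

for m in start_with_argv start_with_stdin start_with_file; do
    if leaks "$m"; then echo "$m: secret visible in process listing"
    else echo "$m: secret not in process listing"; fi
done
```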