[Freeipa-users] can ipa-client-install be updated to call username/password from a file?

Tamas Papp tompos at martos.bme.hu
Wed Oct 1 08:37:33 UTC 2014

On 10/01/2014 10:19 AM, Les Stott wrote:
> Hi,
> I am using freeipa in a rhel6 environment with ipa-3.0.0-37.el6 client.
> I am working on doing an unattended ipa client installation. I have it 
> working with the following….
> /usr/sbin/ipa-client-install -p admin -w <admin_password> -U --no-ntp
> While this works, while it runs, the <admin_password> value is visable 
> in the output of a ps –ef command on the host when installing the ipa 
> client.
> # ps -ef |grep ipa
> root     30284 30283 43 03:31 ? 00:00:01 /usr/bin/python -E 
> /usr/sbin/ipa-client-install -p admin -w <plain_text_password> -U --no-ntp
> This represents a challenge to security, even though its only minor 
> (as in its only there for a minute or so), but its still there and it 
> is the admin password.
> Can  ipa-client-install be updated to include a parameter to retrieve 
> the admin password from a file? i.e.

Try it with '-W < pwfile'.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141001/0e4f5155/attachment.htm>

More information about the Freeipa-users mailing list