Bug 37489
| Summary: | Kerberos PW readable in join.log | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Janek Walkenhorst <walkenhorst> |
| Component: | Join (univention-join) | Assignee: | Philipp Hahn <hahn> |
| Status: | CLOSED FIXED | QA Contact: | Florian Best <best> |
| Severity: | normal | ||
| Priority: | P4 | CC: | best, gohmann, scherer |
| Version: | UCS 4.0 | ||
| Target Milestone: | UCS 4.0-1-errata | ||
| Hardware: | All | ||
| OS: | Linux | ||
| What kind of report is it?: | --- | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | |||
| Bug Depends on: | 8817 | ||
| Bug Blocks: | |||
| Attachments: | patch? | ||
|
Description
Janek Walkenhorst
Created attachment 6716 [details]
patch?
univention-server-join writes it into a logfile. The problem is that univention.join parses the logfile to get the password.
Maybe better would be to directly create a file like /tmp/kerberos.secret or something?
The patch just strips it when writing into the join.log logfile.
r58956 | Bug #37489 Join: Copyright 2015 r58955 | Bug #37489 Join: filter out password from log file Package: univention-join Version: 7.1.2-14.500.201503131454 Branch: ucs_4.0-0 Scope: errata4.0-1 r58959 | Bug #37489 Join: filter out password from log file YAML 2015-03-13-univention-join.yaml Please check the YAML entries, there is a wrong bug number. (In reply to Florian Best from comment #3) > Please check the YAML entries, there is a wrong bug number. r59049 | Bug #37489 Join: filter out password from log file YAML OK: Password not anymore in logfile OK: secret file removed at the end of join process OK: YAML |