Univention Bugzilla – Full Text Bug Listing |
Summary: | Kerberos PW readable in join.log | ||
---|---|---|---|
Product: | UCS | Reporter: | Janek Walkenhorst <walkenhorst> |
Component: | Join (univention-join) | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Florian Best <best> |
Severity: | normal | ||
Priority: | P4 | CC: | best, gohmann, scherer |
Version: | UCS 4.0 | ||
Target Milestone: | UCS 4.0-1-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | 8817 | ||
Bug Blocks: | |||
Attachments: | patch? |
Description
Janek Walkenhorst
2015-01-08 17:05:41 CET
Created attachment 6716 [details]
patch?
univention-server-join writes it into a logfile. The problem is that univention.join parses the logfile to get the password.
Maybe better would be to directly create a file like /tmp/kerberos.secret or something?
The patch just strips it when writing into the join.log logfile.
r58956 | Bug #37489 Join: Copyright 2015 r58955 | Bug #37489 Join: filter out password from log file Package: univention-join Version: 7.1.2-14.500.201503131454 Branch: ucs_4.0-0 Scope: errata4.0-1 r58959 | Bug #37489 Join: filter out password from log file YAML 2015-03-13-univention-join.yaml Please check the YAML entries, there is a wrong bug number. (In reply to Florian Best from comment #3) > Please check the YAML entries, there is a wrong bug number. r59049 | Bug #37489 Join: filter out password from log file YAML OK: Password not anymore in logfile OK: secret file removed at the end of join process OK: YAML |