Univention Bugzilla – Bug 37489
Kerberos PW readable in join.log
Last modified: 2015-03-25 16:34:40 CET
The kerberos password is stored in univention/join.log during join with univention-join. ldap_dn="cn=ucs-9267,cn=dc,cn=computers,dc=organisation,dc=intranet" KerberosPasswd="tLrRpMEy7y8OQXW97oDN" +++ This bug was initially created as a clone of Bug #8817 +++ Im join.log steht das Kerberospasswort im Klartext: KerberosPasswd="o4dGtyX9"
Created attachment 6716 [details] patch? univention-server-join writes it into a logfile. The problem is that univention.join parses the logfile to get the password. Maybe better would be to directly create a file like /tmp/kerberos.secret or something? The patch just strips it when writing into the join.log logfile.
r58956 | Bug #37489 Join: Copyright 2015 r58955 | Bug #37489 Join: filter out password from log file Package: univention-join Version: 7.1.2-14.500.201503131454 Branch: ucs_4.0-0 Scope: errata4.0-1 r58959 | Bug #37489 Join: filter out password from log file YAML 2015-03-13-univention-join.yaml
Please check the YAML entries, there is a wrong bug number.
(In reply to Florian Best from comment #3) > Please check the YAML entries, there is a wrong bug number. r59049 | Bug #37489 Join: filter out password from log file YAML
OK: Password not anymore in logfile OK: secret file removed at the end of join process OK: YAML
<http://errata.univention.de/ucs/4.0/123.html>