#365 Audit log - clear text password in user changes
Closed: wontfix None Opened 10 years ago by albertocrj.

I have an 389 DS (version 1.2.10.4) with AD replication and I enabled
the audit log, but when I change a user password, shows the unhashed
password in the audit log file:

time: 20120404113336
dn: uid=alberto.viana,OU=G,OU=RJ,dc=my,dc=domain
changetype: modify
replace: userPassword
userPassword: {SSHA}bqBSVbLJpqKCujEC2JC4ysaUUJuTsFe87AoPsQ==
-
replace: modifiersname
modifiersname:
uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
t
-
replace: modifytimestamp
modifytimestamp: 20120404143336Z
-
replace: unhashed#user#password
unhashed#user#password: maisumteste
-

I Already know that is the expected behavior. Is there any way to disable it?

Because I need the audit log but i dont want to show up userĀ“s password in the log file.


git merge ticket365
Updating dc37983..43fb648
Fast-forward
ldap/servers/slapd/auditlog.c | 17 +++++++++++++++++
ldap/servers/slapd/libglobs.c | 19 +++++++++++++++++++
ldap/servers/slapd/proto-slap.h | 3 +++
ldap/servers/slapd/slap.h | 2 ++
4 files changed, 41 insertions(+), 0 deletions(-)

[mareynol@localhost servers]$ git push origin master
Counting objects: 17, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (9/9), done.
Writing objects: 100% (9/9), 1.63 KiB, done.
Total 9 (delta 7), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
dc37983..43fb648 master -> master

Added initial screened field value.

move closed tickets to 1.3.0.a1

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.3.0.a1

5 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/365

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

2 years ago

Login to comment on this ticket.

Metadata