I have a 389 DS (version 1.2.10.4) with AD replication and I enabled the audit log, but when I change a user password, it shows the unhashed password in the audit log file:
time: 20120404113336
dn: uid=alberto.viana,OU=G,OU=RJ,dc=my,dc=domain
changetype: modify
replace: userPassword
userPassword: {SSHA}bqBSVbLJpqKCujEC2JC4ysaUUJuTsFe87AoPsQ==
-
replace: modifiersname
modifiersname: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
 t
-
replace: modifytimestamp
modifytimestamp: 20120404143336Z
-
replace: unhashed#user#password
unhashed#user#password: maisumteste
-
I already know that is the expected behavior. Is there any way to disable it?
Because I need the audit log, but I don't want to show the user's password in the log file.
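An added example, not part of the ticket or of the 389 DS code base: a Python filter that masks `unhashed#user#password` values in an audit log that already contains them and lists the DNs whose passwords were written in the clear. The sample entries are constructed, and the names `redact`, `MASK` and `SAMPLE` are assumptions of this example.

```python
import re

ATTR = "unhashed#user#password"  # attribute name as it appears in the ticket's log entry
MASK = "[REDACTED]"              # assumed placeholder text
VALUE_LINE = re.compile(r"^(%s)(?:;[^:]*)?:" % re.escape(ATTR), re.IGNORECASE)

def redact(text):
    """Mask clear-text password values; return (scrubbed_text, exposed_dns).
    Folded remainders of a masked value are dropped; other lines pass through."""
    out, exposed, dn, prev = [], [], None, None
    for line in text.splitlines():
        if line.startswith(" ") and prev:      # LDIF fold: continues previous line
            if prev == "dn":
                dn += line[1:]
            if prev != "secret":               # rest of a masked value is dropped
                out.append(line)
            continue
        m = VALUE_LINE.match(line)             # matches "attr: v" and base64 "attr:: v"
        if m:
            out.append(f"{m.group(1)}: {MASK}")
            if dn not in exposed:
                exposed.append(dn)             # this account's password was logged
            prev = "secret"
        else:
            out.append(line)                   # includes "replace: <attr>" lines
            prev = "dn" if line.lower().startswith("dn:") else "other"
            if prev == "dn":
                dn = line[3:].lstrip(": ")
    return "\n".join(out) + "\n", exposed

# Constructed sample in the audit-log layout shown in the ticket (not real data).
SAMPLE = """time: 20120404113336
dn: uid=user1,ou=people,dc=example,dc=com
changetype: modify
replace: unhashed#user#password
unhashed#user#password: Example-Passw0rd
-

time: 20120404113400
dn: uid=user2,ou=people,
 dc=example,dc=com
replace: unhashed#user#password
unhashed#user#password:: Q29uc3RydWN0ZWQt
 c2FtcGxl
-
"""

if __name__ == "__main__":
    print(*redact(SAMPLE), sep="\n")
```

The accounts returned in `exposed_dns` are the ones whose passwords should be treated as disclosed to anyone who could read the log file.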
attachment 0001-Ticket-365-passwords-in-clear-text-in-the-audit-log.patch
git merge ticket365
Updating dc37983..43fb648
Fast-forward
 ldap/servers/slapd/auditlog.c   | 17 +++++++++++++++++
 ldap/servers/slapd/libglobs.c   | 19 +++++++++++++++++++
 ldap/servers/slapd/proto-slap.h |  3 +++
 ldap/servers/slapd/slap.h       |  2 ++
 4 files changed, 41 insertions(+), 0 deletions(-)

[mareynol@localhost servers]$ git push origin master
Counting objects: 17, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (9/9), done.
Writing objects: 100% (9/9), 1.63 KiB, done.
Total 9 (delta 7), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   dc37983..43fb648  master -> master
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=830256
Added initial screened field value.
move closed tickets to 1.3.0.a1
Metadata Update from @mreynolds: - Issue assigned to mreynolds - Issue set to the milestone: 1.3.0.a1
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/365
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)