#365 Audit log - clear text password in user changes

Created 5 years ago by albertocrj
Modified 6 months ago

I have a 389 DS (version 1.2.10.4) with AD replication and I enabled
the audit log, but when I change a user password, it shows the unhashed
password in the audit log file:

time: 20120404113336
dn: uid=alberto.viana,OU=G,OU=RJ,dc=my,dc=domain
changetype: modify
replace: userPassword
userPassword: {SSHA}bqBSVbLJpqKCujEC2JC4ysaUUJuTsFe87AoPsQ==
-
replace: modifiersname
modifiersname: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
-
replace: modifytimestamp
modifytimestamp: 20120404143336Z
-
replace: unhashed#user#password
unhashed#user#password: maisumteste
-

I already know that is the expected behavior. Is there any way to disable it?

Because I need the audit log, but I don't want the user's password to show up in the log file.
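
An added example, not part of the original ticket or the 389 DS code: a Python filter that redacts `unhashed#user#password` values from audit log text before the file is archived or shipped to a log collector, and reports which entries (time, dn) exposed one. It assumes the LDIF-style layout shown in the excerpt above, including folded lines and base64 (`::`) values; the sample entries are constructed.

```python
import re

SENSITIVE = "unhashed#user#password"  # attribute name as it appears in the excerpt above
LINE = re.compile(r"^([^:\s]+)(::?)[ \t]*(.*)$")

def unfold(lines):
    """Join LDIF continuation lines: a line starting with one space continues the previous line."""
    out = []
    for line in lines:
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def redact(text, placeholder="[REDACTED]"):
    """Return (redacted_text, hits); hits holds (time, dn) for each entry that logged the value."""
    out, hits, ctx = [], [], {}
    for line in unfold(text.splitlines()):
        m = LINE.match(line)
        if m:
            attr, value = m.group(1).lower(), m.group(3)
            if attr in ("time", "dn"):
                ctx[attr] = value  # remember which entry we are in
            elif attr == SENSITIVE:
                # Covers plain (":") and base64 ("::") values; neither reaches the output.
                hits.append((ctx.get("time"), ctx.get("dn")))
                line = f"{m.group(1)}: {placeholder}"
        out.append(line)
    return "\n".join(out) + "\n", hits

# Constructed sample in the audit log layout shown above (not real data).
SAMPLE = """time: 20200101000000
dn: uid=user.one,ou=people,dc=example,dc=com
changetype: modify
replace: unhashed#user#password
unhashed#user#password: constructed-secret-1
-

time: 20200101000500
dn: uid=user.two,ou=people,dc=example,dc=com
replace: unhashed#user#password
unhashed#user#password:: Y29uc3RydWN0ZWQt
 c2VjcmV0LTI=
-
"""

if __name__ == "__main__":
    print(*redact(SAMPLE), sep="\n")
```

The `hits` list doubles as a rotation list: every account it names had its password written to disk in clear text.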

git merge ticket365
Updating dc37983..43fb648
Fast-forward
ldap/servers/slapd/auditlog.c | 17 +++++++++++++++++
ldap/servers/slapd/libglobs.c | 19 +++++++++++++++++++
ldap/servers/slapd/proto-slap.h | 3 +++
ldap/servers/slapd/slap.h | 2 ++
4 files changed, 41 insertions(+), 0 deletions(-)

[mareynol@localhost servers]$ git push origin master
Counting objects: 17, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (9/9), done.
Writing objects: 100% (9/9), 1.63 KiB, done.
Total 9 (delta 7), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
dc37983..43fb648 master -> master

Added initial screened field value.

move closed tickets to 1.3.0.a1

6 months ago

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.3.0.a1


ack

Unknown

1.2.10

enhancement
