I have 389 DS with AD replication and after a password change via windows, administrator login can see the "unhashed#user#password" clear text in the 389 ds console. After a dirsrv restart, the field just dissapears, so it seems unhashed#user#password does not get stored in the database.
I Already know that is the expected behavior but it seems to be no purpose to show it on console. It´s possible to disable it?
attachment <img alt="unhashedpasswd.jpg" src="/389-ds-base/issue/raw/files/bd870ef722eb5c4657cfcddf9895ba975b30016cd57d1a459790511177324967-unhashedpasswd.jpg" />
Look into disabling the attribute all together.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=830001 (''Red Hat Enterprise Linux 6'')
git patch file (master) 0001-Bug-829213-unhashed-user-password-visible-after-chan.patch
git patch file (master) 0002-Bug-829213-unhashed-user-password-visible-after-chan.patch
git patch file (master) 0003-Bug-829213-unhashed-user-password-visible-after-chan.patch
git patch file (master) 0004-audit-log-does-not-log-unhashed-password-enabled-by-.patch
Looks good, ack
Reviewed by Mark (Thanks!!!)
Pushed to master.
$ git merge trac378 Updating 6c17ec5..df52933 Fast-forward ldap/servers/plugins/deref/deref.c | 6 ++++++ ldap/servers/slapd/attr.c | 9 ++++++++- ldap/servers/slapd/auditlog.c | 2 +- ldap/servers/slapd/entry.c | 26 +++++++++++++++++++++++--- ldap/servers/slapd/entrywsi.c | 12 ++++++++++-- ldap/servers/slapd/libglobs.c | 2 +- ldap/servers/slapd/pblock.c | 16 ++++++++++++++++ ldap/servers/slapd/plugin_internal_op.c | 27 ++++++++++++++++++++++----- ldap/servers/slapd/proto-slap.h | 2 +- ldap/servers/slapd/pw_mgmt.c | 5 ++++- ldap/servers/slapd/schema.c | 15 +++++++++------ 11 files changed, 101 insertions(+), 21 deletions(-)
$ git push Enter passphrase for key '/home/nhosoi/.ssh/id_rsa': Counting objects: 52, done. Delta compression using up to 4 threads. Compressing objects: 100% (34/34), done. Writing objects: 100% (34/34), 4.96 KiB, done. Total 34 (delta 27), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 6c17ec5..df52933 master -> master
Added initial screened field value.
Metadata Update from @mreynolds: - Issue assigned to rmeggins - Issue set to the milestone: 1.2.11.6
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/378
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.