#50794 [RFE] Use keyring to manage starting password/pin
Opened 8 months ago by tbordaz. Modified 7 months ago

Issue Description

When using TLS/encryption access to NSS database is protected by a password.
It is possible to store the password in a file (pin.txt) on the local file system.
user having access to that file can retrieve the clear text password and read sensitive data stored in the NSS database

Package Version and Platform

all version

Steps to reproduce

  1. dscreate with self_sign_cert
  2. check that pin.txt exists and allows to start ds

Actual results

with pin.txt, an instance with security enabled can start without prompt and pin.txt can be used to read NSS db

Expected results

Allow (re)start without pin file and without prompt

Metadata Update from @tbordaz:
- Issue assigned to tbordaz

8 months ago

Metadata Update from @tbordaz:
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1638875

8 months ago

Just for the recording this is a set of tests keyring_tests.sh

Metadata Update from @mreynolds:
- Issue set to the milestone: 1.4.3

7 months ago

Login to comment on this ticket.