Learn more about these different git repos.
Other Git URLs
Review the password obfuscation code with NSS team and make sure that best practices are followed.
I think this should be done better sooner than later to avoid more issues with OpenLDAP using NSS. See https://fedorahosted.org/sssd/ticket/762
During a security audit conducted by a senior NSS developer these enhancements were proposed: - use PK11_KeyGen() instead of PK11_GenerateRandom() and then use PK11_ExtractKeyValue() followed by PK11_GetKeyData() to get the key data. - include a warning about password obfuscation not increasing security directly in the source file so that people who would like to use the code see it. The current version only includes a warning in the sssd-ldap manual page only.
PK11_KeyGen()
PK11_GenerateRandom()
PK11_ExtractKeyValue()
PK11_GetKeyData()
owner: somebody => jhrozek
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.5.1
Fixed by fd72f76
resolution: => fixed status: new => closed upgrade: => 0
rhbz: => 0
Metadata Update from @dpal: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.5.1
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/1794
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.