By default, it has been observed that often the following passwords are set in the user's default configuration file:
[DEFAULT] pki_admin_password=<password> pki_backup_password=<password> pki_client_pkcs12_password=<password> pki_ds_password=<password> pki_security_domain_password=<password>
Specifically, although the 'pki_backup_password' is set, it will NOT be utilized unless the user also sets 'pki_backup_keys=True' (this is set to 'pki_backup_keys=False' in '/etc/pki/default.cfg').
This ticket has been filed to suggest adding logic to 'verify_predefined_configuration_file_data()' in the 'pkihelper.py' to either warn/notify the user that it is insufficient to simply set this password, or exit out of the routine if a pki_backup_password has been set but pki_backup_keys is still set to false.
This should be fixed in the man pages. The current pkispawn man page has an example that shows the backup password being set, but not setting the backup option to True.
Fixed and pushed to master in 6f041151bdd292410923deb8f5e92f45b549d46a
Metadata Update from @mharmsen: - Issue assigned to kaskahn - Issue set to the milestone: 10.0.2
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1036
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.