tbordaz / 389-ds-base

Forked from 389-ds-base 7 years ago
Clone
Source Code
GIT

5a1e156 Ticket 50070 - new option to store unhashed password only in replication changelog

Authored and Committed by tbordaz 5 years ago
raw patch tree parent
4 files changed. 166 lines added. 2 lines removed.
dirsrvtests/tests/tickets/ticket50070_test.py
file added
+160
ldap/servers/plugins/retrocl/retrocl_po.c
file modified
+2 -1
ldap/servers/slapd/libglobs.c
file modified
+3 -1
ldap/servers/slapd/slapi-plugin.h
file modified
+1 -0 
    Ticket 50070 - new option to store unhashed password only in replication changelog
    
    Bug Description:
    	The option 'nsslapd-unhashed-pw-switch: nolog' prevents to log
    	unhashed#user#password in the logs (replication changelog and retroCL).
    	It could be a security concern to, releasing unhashed password to a ldap
    	client. A new option is to prevent logging of unhashed password in the
    	retroCL.
    
    Fix Description:
    	The fix is to not log in retroCL the unhashed password when the
    	nsslapd-unhashed-pw-switch is 'nolog' or 'on_only_repl'
    
    https://pagure.io/389-ds-base/issue/50070
    
    Reviewed by: ?
    
    Platforms tested: F27
    
    Flag Day: no
    
    Doc impact: no
file added
+160
file modified
+2 -1
file modified
+3 -1
file modified
+1 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.