2d58e3b Don't log host passwords when they are set/modified

Authored and Committed by rcritten 4 years ago
    Don't log host passwords when they are set/modified
    
    The host password was defined as a Str type so would be
    logged in cleartext in the Apache log.
    
    A new class, HostPassword, was defined to only override
    safe_value() so it always returns an obfuscated value.
    
    The Password class cannot be used because it has special treatment
    in the frontend to manage prompting and specifically doesn't
    allow a value to be passed into it. This breaks backwards
    compatibility with older clients. Since this class is derived
    from Str old clients treat it as a plain string value.
    
    This also removes the search option from passwords.
    
    https://pagure.io/freeipa/issue/8017
    
    Signed-off-by: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
    
        
file modified
+3 -4
file modified
+17 -4