From 7fddc1df573cb56949b1bc8ad83a041e97523df1 Mon Sep 17 00:00:00 2001
From: Abhijeet Kasurde
Date: Mar 30 2017 11:20:57 +0000
Subject: Hide PKI Client database password in log file

Signed-off-by: Abhijeet Kasurde
Reviewed-By: Stanislav Laznicka
---

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 92bb760..2d33a97 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -617,7 +617,10 @@ class CAInstance(DogtagInstance):
 try:
 DogtagInstance.spawn_instance(
 self, cfg_file,
- nolog_list=(self.dm_password, self.admin_password, pki_pin)
+ nolog_list=(self.dm_password,
+ self.admin_password,
+ pki_pin,
+ self.tmp_agent_pwd)
 )
 finally:
 os.remove(cfg_file)
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index 34d6678..6fa4f0f 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -150,6 +150,7 @@ class KRAInstance(DogtagInstance):
 os.chown(cfg_file, pent.pw_uid, pent.pw_gid)
 self.tmp_agent_db = tempfile.mkdtemp(
 prefix="tmp-", dir=paths.VAR_LIB_IPA)
+ tmp_agent_pwd = ipautil.ipa_generate_password()
 # Create KRA configuration
 config = ConfigParser()
@@ -173,8 +174,7 @@ class KRAInstance(DogtagInstance):
 # Client security database
 config.set("KRA", "pki_client_database_dir", self.tmp_agent_db)
- config.set("KRA", "pki_client_database_password",
- ipautil.ipa_generate_password())
+ config.set("KRA", "pki_client_database_password", tmp_agent_pwd)
 config.set("KRA", "pki_client_database_purge", "True")
 config.set("KRA", "pki_client_pkcs12_password", self.admin_password)
@@ -279,7 +279,10 @@ class KRAInstance(DogtagInstance):
 try:
 DogtagInstance.spawn_instance(
 self, cfg_file,
- nolog_list=(self.dm_password,
- self.admin_password, pki_pin)
+ nolog_list=(self.dm_password,
+ self.admin_password,
+ pki_pin,
+ tmp_agent_pwd)
 )
 finally:
 os.remove(p12_tmpfile_name)
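Review bot: In the cainstance.py hunk the new `nolog_list` entry reads `self.tmp_agent_pwd` as an instance attribute, while the krainstance.py change in this same commit keeps the equivalent secret in a local `tmp_agent_pwd`. Nothing in this hunk shows where the attribute is assigned, so it is worth confirming it is always set before this call; if it were still unset, the new entry would not be a string and the redaction would presumably fail or mask nothing. A short comment above the call would make the intent explicit, for example `# tmp_agent_pwd is the pki_client_database_password written to cfg_file; keep it out of the install log`. The enclosing method starts and ends outside the hunk.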
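Review bot: In the last krainstance.py hunk, adding `tmp_agent_pwd` to `nolog_list` only masks the value in what this process logs. The same password is still written in clear text into the config file by `config.set("KRA", "pki_client_database_password", tmp_agent_pwd)`, and the `finally` visible here removes only `p12_tmpfile_name`. The hunks show an `os.chown` on `cfg_file` but neither its mode nor its removal on the failure path, so it is worth confirming that the file is created owner-only and deleted even when `spawn_instance` raises. A comment at the assignment, such as `# generated once so the same value can be passed to nolog_list below`, would also explain why the password became a local; the method body continues outside these hunks.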