This is server-side version of https://fedorahosted.org/freeipa/ticket/4040:
currently, in unattended runs, passwords need to be specified as command line parameters that will show up in ps / /proc outputs.
We need a way to pass the passwords without the words being disclosed to other users on the system. The ideas include reading them from environment variables, files, or filehandles.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1211603
This ticket is not critical for 4.2 GA and can be done in follow-up stabilization release - postponing.
I like the idea of a config file. We could use the same keys as the long options (excluding --). Later we can extend the feature to get all options from the config file:
$ ipa-server-install --help
-p DM_PASSWORD, --ds-password=DM_PASSWORD
Directory Manager password
-P MASTER_PASSWORD, --master-password=MASTER_PASSWORD
kerberos master password (normally autogenerated)
-a ADMIN_PASSWORD, --admin-password=ADMIN_PASSWORD
admin user kerberos password
We want this patch, it is just not in rush any more.
FreeIPA 4.2.1 was released, moving to 4.2.x.
see also #6314
Continuation of this effort should wait for installer refactoring.
Metadata Update from @adelton:
- Issue assigned to mbabinsk
- Issue set to the milestone: FreeIPA 4.5
Metadata Update from @pvoborni:
- Issue close_status updated to: None
- Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.5)
Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)
FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone
to comment on this ticket.