diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-03-15 17:06:24 -0400 |
|---|---|---|
| committer | Jason Gerard DeRose <jderose@redhat.com> | 2010-03-19 07:59:24 -0600 |
| commit | 99da0d88f066826fc33562045d47f6cc760633b5 (patch) | |
| tree | 94e5637b8a5eb2aa2838c0220e85a3ae05de710a /ipaserver/install/cainstance.py | |
| parent | a887922fa97a43c31139dcd4159dfbee0f9c2093 (diff) | |
| download | freeipa-99da0d88f066826fc33562045d47f6cc760633b5.tar.gz freeipa-99da0d88f066826fc33562045d47f6cc760633b5.tar.xz freeipa-99da0d88f066826fc33562045d47f6cc760633b5.zip | |
Provide mechanism in ipautil.run() to not log all arguments.
This is primarily designed to not log passwords but it could have other
uses.
567867
Diffstat (limited to 'ipaserver/install/cainstance.py')
| -rw-r--r-- | ipaserver/install/cainstance.py | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 585bccef1..aedee8cfb 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -614,8 +614,17 @@ class CAInstance(service.Service): args.append("-clone") args.append("false") + # Define the things we don't want logged + nolog = (('-client_certdb_pwd', 1), + ('-admin_password', 1), + ('-bind_password', 1), + ('-backup_pwd', 1), + ('-clone_p12_password', 1), + ('-sd_admin_password', 1), + ) + logging.debug(args) - ipautil.run(args) + ipautil.run(args, nolog=nolog) if self.external == 1: print "The next step is to get %s signed by your CA and re-run ipa-server-install as:" % self.csr_file |