2 files changed, 7 insertions, 2 deletions

diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index d89ad0b3..e7c11163 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -335,7 +335,7 @@ class KrbInstance(service.Service):
             #populate the directory with the realm structure
             args = ["kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
             try:
-                ipautil.run(args)
+                ipautil.run(args, nolog=(self.kdc_password, self.master_password))
             except ipautil.CalledProcessError, e:
                 print "Failed to populate the realm structure in kerberos", e
 
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 27c55618..ef3becdf 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -124,12 +124,17 @@ class Service:
         fd = None
         path = ipautil.SHARE_DIR + ldif
         hostname = installutils.get_fqdn()
+        nologlist=()
 
         if sub_dict is not None:
             txt = ipautil.template_file(path, sub_dict)
             fd = ipautil.write_tmp_file(txt)
             path = fd.name
 
+            # do not log passwords
+            if sub_dict.has_key('PASSWORD'):
+                nologlist = sub_dict['PASSWORD'],
+
         if self.dm_password:
             [pw_fd, pw_name] = tempfile.mkstemp()
             os.write(pw_fd, self.dm_password)
@@ -143,7 +148,7 @@ class Service:
 
         try:
             try:
-                ipautil.run(args)
+                ipautil.run(args, nolog=nologlist)
             except ipautil.CalledProcessError, e:
                 logging.critical("Failed to load %s: %s" % (ldif, str(e)))
         finally: