summaryrefslogtreecommitdiffstats
path: root/base/deploy/src/scriptlets/configuration.py
diff options
context:
space:
mode:
authorEndi Sukma Dewata <edewata@redhat.com>2012-11-28 09:27:16 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-11-30 16:02:48 -0500
commit5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6 (patch)
treedd8f1cad6df0d45547111b9e46682975518c1a46 /base/deploy/src/scriptlets/configuration.py
parentcef7a7704f9f4b48c0a9b242fabd3a919f2068d5 (diff)
downloadpki-5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6.tar.gz
pki-5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6.tar.xz
pki-5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6.zip
Reorganized sensitive parameters.
Previously sensitive parameters are stored in the Sensitive section in the configuration file, separate from the hierarchical structure used by non-sensitive parameters. To allow defining multiple subsystems in a single configuration file the sensitive and non-sensitive parameters have been reorganized into the same hierarchical structure. To maintain the security a new meta-parameter has been added to list all sensitive parameter names. This way the deployment code will know whether a parameter is sensitive, which then will mask the value before displaying it to the screen or storing it in a log file. Ticket #399
Diffstat (limited to 'base/deploy/src/scriptlets/configuration.py')
-rw-r--r--base/deploy/src/scriptlets/configuration.py3
1 files changed, 1 insertions, 2 deletions
diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py
index c9454d951..2d7797b06 100644
--- a/base/deploy/src/scriptlets/configuration.py
+++ b/base/deploy/src/scriptlets/configuration.py
@@ -22,7 +22,6 @@
# PKI Deployment Imports
import pkiconfig as config
from pkiconfig import pki_master_dict as master
-from pkiconfig import pki_sensitive_dict as sensitive
import pkihelper as util
import pkimessages as log
import pkiscriptlet
@@ -51,7 +50,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# allowing 'certutil' to generate the security databases
util.password.create_password_conf(
master['pki_client_password_conf'],
- sensitive['pki_client_database_password'], pin_sans_token=True)
+ master['pki_client_database_password'], pin_sans_token=True)
util.file.modify(master['pki_client_password_conf'],
uid=0, gid=0)
# Similarly, create a simple password file containing the