path: root/base/deploy/src/scriptlets/
diff options
authorEndi Sukma Dewata <>2012-11-28 09:27:16 -0500
committerEndi Sukma Dewata <>2012-11-30 15:10:31 -0500
commit719478fd34077fcbf1b6c6ad201c36ff57983490 (patch)
treedd8f1cad6df0d45547111b9e46682975518c1a46 /base/deploy/src/scriptlets/
parentcef7a7704f9f4b48c0a9b242fabd3a919f2068d5 (diff)
Reorganized sensitive parameters.
Previously sensitive parameters are stored in the Sensitive section in the configuration file, separate from the hierarchical structure used by non-sensitive parameters. To allow defining multiple subsystems in a single configuration file the sensitive and non-sensitive parameters have been reorganized into the same hierarchical structure. To maintain the security a new meta-parameter has been added to list all sensitive parameter names. This way the deployment code will know whether a parameter is sensitive, which then will mask the value before displaying it to the screen or storing it in a log file. Ticket #399
Diffstat (limited to 'base/deploy/src/scriptlets/')
1 files changed, 1 insertions, 2 deletions
diff --git a/base/deploy/src/scriptlets/ b/base/deploy/src/scriptlets/
index c9454d951..2d7797b06 100644
--- a/base/deploy/src/scriptlets/
+++ b/base/deploy/src/scriptlets/
@@ -22,7 +22,6 @@
# PKI Deployment Imports
import pkiconfig as config
from pkiconfig import pki_master_dict as master
-from pkiconfig import pki_sensitive_dict as sensitive
import pkihelper as util
import pkimessages as log
import pkiscriptlet
@@ -51,7 +50,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# allowing 'certutil' to generate the security databases
- sensitive['pki_client_database_password'], pin_sans_token=True)
+ master['pki_client_database_password'], pin_sans_token=True)
uid=0, gid=0)
# Similarly, create a simple password file containing the