author | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-28 09:27:16 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-28 10:24:48 -0500 |
commit | 310a30f230eae7fd34d8a41e54ee3125ffb91046 (patch) | |
tree | f6e390ddf170d933f9c22f471afad129150fb840 /base/deploy/src/scriptlets/security_databases.py | |
parent | 3683d2a0647ff09508d0cf1f0553a35870c110db (diff) | |
Reorganized sensitive parameters.
Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.
To maintain security, a new meta-parameter has been added that lists
all sensitive parameter names. This way the deployment code knows
whether a parameter is sensitive and can mask its value before
displaying it on the screen or storing it in a log file.
Ticket #399
Diffstat (limited to 'base/deploy/src/scriptlets/security_databases.py')
-rw-r--r-- | base/deploy/src/scriptlets/security_databases.py | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py
index be0eecf56..847d0a59f 100644
--- a/base/deploy/src/scriptlets/security_databases.py
+++ b/base/deploy/src/scriptlets/security_databases.py
@@ -22,7 +22,6 @@
 # PKI Deployment Imports
 import pkiconfig as config
 from pkiconfig import pki_master_dict as master
-from pkiconfig import pki_sensitive_dict as sensitive
 import pkihelper as util
 import pkimessages as log
 import pkiscriptlet
@@ -41,14 +40,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 extra=config.PKI_INDENTATION_LEVEL_1)
 util.password.create_password_conf(
 master['pki_shared_password_conf'],
- sensitive['pki_pin'])
+ master['pki_pin'])
 # Since 'certutil' does NOT strip the 'token=' portion of
 # the 'token=password' entries, create a temporary server 'pfile'
 # which ONLY contains the 'password' for the purposes of
 # allowing 'certutil' to generate the security databases
 util.password.create_password_conf(
 master['pki_shared_pfile'],
- sensitive['pki_pin'], pin_sans_token=True)
+ master['pki_pin'], pin_sans_token=True)
 util.file.modify(master['pki_shared_password_conf'])
 util.certutil.create_security_databases(
 master['pki_database_path'], |
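Review bot: At both `create_password_conf` calls in the second hunk, `master['pki_pin']` now reads like any other configuration value, whereas the old `sensitive[...]` lookup made the secret obvious at the call site. Masking now depends entirely on `pki_pin` being named in the new sensitive-parameter list described in the commit message, which is not visible in this hunk, so any code that prints or logs `master` entries without consulting that list would expose the PIN. I would add a comment above the first call such as `# pki_pin is a sensitive parameter: never log or echo this value`, and confirm that `pki_pin` is in the list for every subsystem. The enclosing method starts and ends outside the hunk.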