diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-28 09:27:16 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-30 16:02:48 -0500 |
commit | 5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6 (patch) | |
tree | dd8f1cad6df0d45547111b9e46682975518c1a46 /base/deploy/src/scriptlets/security_databases.py | |
parent | cef7a7704f9f4b48c0a9b242fabd3a919f2068d5 (diff) | |
download | pki-5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6.tar.gz pki-5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6.tar.xz pki-5e93dc2ce2c26c43d3e2f7e9a40cbf08507a5ea6.zip |
Reorganized sensitive parameters.
Previously sensitive parameters are stored in the Sensitive section in
the configuration file, separate from the hierarchical structure used
by non-sensitive parameters. To allow defining multiple subsystems in
a single configuration file the sensitive and non-sensitive parameters
have been reorganized into the same hierarchical structure.
To maintain the security a new meta-parameter has been added to list
all sensitive parameter names. This way the deployment code will know
whether a parameter is sensitive, which then will mask the value before
displaying it to the screen or storing it in a log file.
Ticket #399
Diffstat (limited to 'base/deploy/src/scriptlets/security_databases.py')
-rw-r--r-- | base/deploy/src/scriptlets/security_databases.py | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/base/deploy/src/scriptlets/security_databases.py b/base/deploy/src/scriptlets/security_databases.py index 0cc660b3a..a74a4c157 100644 --- a/base/deploy/src/scriptlets/security_databases.py +++ b/base/deploy/src/scriptlets/security_databases.py @@ -22,7 +22,6 @@ # PKI Deployment Imports import pkiconfig as config from pkiconfig import pki_master_dict as master -from pkiconfig import pki_sensitive_dict as sensitive import pkihelper as util import pkimessages as log import pkiscriptlet @@ -41,14 +40,14 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): extra=config.PKI_INDENTATION_LEVEL_1) util.password.create_password_conf( master['pki_shared_password_conf'], - sensitive['pki_pin']) + master['pki_pin']) # Since 'certutil' does NOT strip the 'token=' portion of # the 'token=password' entries, create a temporary server 'pfile' # which ONLY contains the 'password' for the purposes of # allowing 'certutil' to generate the security databases util.password.create_password_conf( master['pki_shared_pfile'], - sensitive['pki_pin'], pin_sans_token=True) + master['pki_pin'], pin_sans_token=True) util.file.modify(master['pki_shared_password_conf']) util.certutil.create_security_databases( master['pki_database_path'], |