From 719478fd34077fcbf1b6c6ad201c36ff57983490 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Wed, 28 Nov 2012 09:27:16 -0500 Subject: Reorganized sensitive parameters. Previously sensitive parameters are stored in the Sensitive section in the configuration file, separate from the hierarchical structure used by non-sensitive parameters. To allow defining multiple subsystems in a single configuration file the sensitive and non-sensitive parameters have been reorganized into the same hierarchical structure. To maintain the security a new meta-parameter has been added to list all sensitive parameter names. This way the deployment code will know whether a parameter is sensitive, which then will mask the value before displaying it to the screen or storing it in a log file. Ticket #399 --- base/deploy/src/scriptlets/configuration.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'base/deploy/src/scriptlets/configuration.py') diff --git a/base/deploy/src/scriptlets/configuration.py b/base/deploy/src/scriptlets/configuration.py index c9454d951..2d7797b06 100644 --- a/base/deploy/src/scriptlets/configuration.py +++ b/base/deploy/src/scriptlets/configuration.py @@ -22,7 +22,6 @@ # PKI Deployment Imports import pkiconfig as config from pkiconfig import pki_master_dict as master -from pkiconfig import pki_sensitive_dict as sensitive import pkihelper as util import pkimessages as log import pkiscriptlet @@ -51,7 +50,7 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): # allowing 'certutil' to generate the security databases util.password.create_password_conf( master['pki_client_password_conf'], - sensitive['pki_client_database_password'], pin_sans_token=True) + master['pki_client_database_password'], pin_sans_token=True) util.file.modify(master['pki_client_password_conf'], uid=0, gid=0) # Similarly, create a simple password file containing the -- cgit