author | Jan Cholasta <jcholast@redhat.com> | 2011-10-11 18:44:33 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-10-11 21:25:17 -0400 |
commit | 0d823ddc4e5fa7f8bdecb590b4ebd129106b063f (patch) | |
tree | e51b69d494ea4a590fb467b48c569d8ecaa9157d /ipaserver | |
parent | f2fb6552c91fa530597e6deb776d90344bfe67bd (diff) | |
Don't leak passwords through kdb5_ldap_util command line arguments.
ticket 1948
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/krbinstance.py | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index 74e28bc6..cb090e82 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -295,11 +295,17 @@ class KrbInstance(service.Service): def __init_ipa_kdb(self): #populate the directory with the realm structure - args = ["kdb5_util", "create", "-s", "-P", self.master_password, + args = ["kdb5_util", "create", "-s", "-r", self.realm, "-x", "ipa-setup-override-restrictions"] + dialogue = ( + # Enter KDC database master key: + self.master_password + '\n', + # Re-enter KDC database master key to verify: + self.master_password + '\n', + ) try: - ipautil.run(args, nolog=(self.master_password)) + ipautil.run(args, nolog=(self.master_password), stdin=''.join(dialogue)) except ipautil.CalledProcessError, e: print "Failed to initialize the realm container" |
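Review bot: On the new `ipautil.run` line, `nolog=(self.master_password)` is a parenthesised string rather than a one-element tuple, so if `ipautil.run` iterates over `nolog` (its body is not visible here) it would redact single characters instead of the whole master password. The line should read `ipautil.run(args, nolog=(self.master_password,), stdin=''.join(dialogue))`. Because the secret now travels through `stdin`, it is also worth confirming that `ipautil.run` does not log the `stdin` value and that the redaction list still covers any captured output. The `dialogue` tuple assumes kdb5_util asks exactly the two prompts named in its comments, in that order; a short comment stating that assumption would help whoever next changes the arguments. The `except` block of `__init_ipa_kdb` continues outside the hunk.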