-rw-r--r-- | ipapython/ipautil.py | 13 | ||||
-rw-r--r-- | ipaserver/install/krbinstance.py | 2 | ||||
-rw-r--r-- | ipaserver/install/service.py | 7 |
3 files changed, 18 insertions, 4 deletions
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 77c838e80..8ce8bb970 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -20,6 +20,8 @@ SHARE_DIR = "/usr/share/ipa/"
 PLUGINS_SHARE_DIR = "/usr/share/ipa/plugins"
+GEN_PWD_LEN = 12
+
 import string
 import tempfile
 import logging
@@ -422,8 +424,15 @@ def parse_generalized_time(timestr):
 def ipa_generate_password():
 rndpwd = ''
 r = random.SystemRandom()
- for x in range(12):
- rndpwd += chr(r.randint(32,126))
+ for x in range(GEN_PWD_LEN):
+ # do not generate space (chr(32)) as the first or last character
+ if x == 0 or x == (GEN_PWD_LEN-1):
+ rndchar = chr(r.randint(33,126))
+ else:
+ rndchar = chr(r.randint(32,126))
+
+ rndpwd += rndchar
+
 return rndpwd
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index d89ad0b33..e7c111637 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -335,7 +335,7 @@ class KrbInstance(service.Service):
 #populate the directory with the realm structure
 args = ["kdb5_ldap_util", "-D", "uid=kdc,cn=sysaccounts,cn=etc,"+self.suffix, "-w", self.kdc_password, "create", "-s", "-P", self.master_password, "-r", self.realm, "-subtrees", self.suffix, "-sscope", "sub"]
 try:
- ipautil.run(args)
+ ipautil.run(args, nolog=(self.kdc_password, self.master_password))
 except ipautil.CalledProcessError, e:
 print "Failed to populate the realm structure in kerberos", e
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 27c55618e..ef3becdf3 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
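Review bot: ipa_generate_password() has no docstring, and the inline comment in the new loop says that a space is excluded at the first and last position but not why. A docstring such as `"""Return a GEN_PWD_LEN-character password of printable ASCII drawn from random.SystemRandom; the first and last characters are never a space."""` would record the contract, ideally with the reason (presumably a consumer that trims or mis-parses edge whitespace). Interior spaces and every other printable character, including quotes, `\`, `$` and `#`, can still be produced, so callers that place the result in a template or on a command line need their own quoting; that is worth stating in the same docstring.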
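Review bot: The `except` branch right after the changed call in krbinstance.py still prints `e`, and if `ipautil.CalledProcessError` carries the full command line in its message (as the standard-library exception of that name does), a failed `kdb5_ldap_util` run writes `self.kdc_password` and `self.master_password` to the console despite `nolog`. Print only the exit status, e.g. `print "Failed to populate the realm structure in kerberos (exit status %d)" % e.returncode` (assuming the exception exposes `returncode`), or confirm that `ipautil.run` redacts the command before raising. `logging.critical("Failed to load %s: %s" % (ldif, str(e)))` in the second hunk of ipaserver/install/service.py is worth the same check, since `args` there is built outside the hunk. Separately, `nolog` only affects logging: both passwords are still passed through `-w` and `-P` in `args`, so they remain visible in the local process list while the tool runs. The enclosing method starts outside the hunk.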
@@ -124,12 +124,17 @@ class Service:
 fd = None
 path = ipautil.SHARE_DIR + ldif
 hostname = installutils.get_fqdn()
+ nologlist=()
 if sub_dict is not None:
 txt = ipautil.template_file(path, sub_dict)
 fd = ipautil.write_tmp_file(txt)
 path = fd.name
+ # do not log passwords
+ if sub_dict.has_key('PASSWORD'):
+ nologlist = sub_dict['PASSWORD'],
+
 if self.dm_password:
 [pw_fd, pw_name] = tempfile.mkstemp()
 os.write(pw_fd, self.dm_password)
@@ -143,7 +148,7 @@ class Service:
 try:
 try:
- ipautil.run(args)
+ ipautil.run(args, nolog=nologlist)
 except ipautil.CalledProcessError, e:
 logging.critical("Failed to load %s: %s" % (ldif, str(e)))
 finally: |
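Review bot: `nologlist = sub_dict['PASSWORD'],` builds a one-element tuple through the trailing comma alone, which is easy to misread as a plain string assignment and easy to break in a later edit; write `nologlist = (sub_dict['PASSWORD'],)`. Only the key `PASSWORD` is covered, so a secret passed to a template under any other key of `sub_dict` would not be redacted; a comment stating that convention, e.g. `# templates must carry secrets under 'PASSWORD' so they stay out of the log`, would make the dependency visible. `self.dm_password`, handled just below, is not added to `nologlist`; the visible context writes it to a temp file rather than into `args`, but if `ipautil.run` also logs command output it may be worth including. The method begins and ends outside this hunk.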