[Freeipa-devel] [PATCH] Encrypt replica file
Martin Nagy
mnagy at redhat.com
Tue Aug 12 10:28:38 UTC 2008
Simo Sorce wrote:
> This patch encrypts the replica file so that even if the file is left
> around it does not expose security relevant information.
>
> Unfortunately while testing I got an error down the patch after my patch
> is concerned, setting up the replica fails with:
>
> [16/16]: configuring directory to start on boot
> done configuring dirsrv.
> creation of replica failed: {'info': 'Operation requires a secure
> connection.\n', 'desc': 'Confidentiality required'}
>
>
> I think this is unrelated to this patch but if you see anything that can
> cause it let me know, this is why I am sending the patch for review even
> if I could not successfully test a complete replication setup.
>
> Simo.
Sorry that I didn't object sooner, but I'm strongly against adding the
-p option:
+ parser.add_option("-p", "--password", dest="password",
+ help="Directory Manager (existing master) password")
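Review bot: Passing the Directory Manager password through the `-p`/`--password` option in this `parser.add_option` call puts the secret in the process argument list, where other local users can typically read it from process listings and where it is likely to be saved in shell history. Consider dropping the option and prompting for the password interactively without echo, or reading it from standard input or a file with restricted permissions if unattended runs are needed. If the option stays, the help string should at least state that the value is exposed on the command line.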
I know this is very convenient, but it is really insecure. Can we throw
this option away?
Martin