https://bugzilla.redhat.com/show_bug.cgi?id=182509
Description of problem: When a changelog is enabled and a userPassword is modified, both the hash and the cleartext are logged for winsync's benefit: change:: replace: userPassword userPassword: {SSHA}vqtiN2LHdrEUOJUKu+IBVqAVFsAlvFw+11kD/Q== - replace: unhashed#user#password unhashed#user#password: secret12 The change (including the cleartext password) is sent to replicas (where the cleartext password is actually ignored, see #182507). We should probably require that MMR is configured with SSL if passwords are sent in the clear. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1.Configure two replicas with MMR, M1 and M2. 2.Change a userPassword in M2. Actual results: Expected results: Additional info:
This issue had been already treated when bz 182507 was solved.
commit changeset:7aef407/389-ds-base Author: Noriko Hosoi nhosoi@jiji.usersys.redhat.com Date: Wed Dec 15 13:01:04 2010 -0800
Bug 182507 - clear-password mod from replica is discarded before changelogge https://bugzilla.redhat.com/show_bug.cgi?id=182507 Description: Replication drops unhashed passwords which is necessary for the AD password sync. This patch allows the passwords replicated and introduces a method to encrypt logs in the changelog. See also http://directory.fedoraproject.org/wiki/Changelog_Encryption
already fixed in 1.2.9 or earlier
Added initial screened field value.
Metadata Update from @nkinder: - Issue assigned to rmeggins - Issue set to the milestone: 1.2.10
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/149
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Invalid)
Login to comment on this ticket.