Ticket #365 (closed enhancement: fixed)

Opened 5 years ago

Last modified 4 years ago

Audit log - clear text password in user changes

Reported by: albertocrj
Owned by: mreynolds
Priority: major
Milestone: 1.3.0.a1
Component: Unknown
Version: 1.2.10
Keywords:
Cc:
Blocked By:
Blocking:
Review: ack
Ticket origin:
Red Hat Bugzilla: 830256


I have a 389 DS (version with AD replication and I enabled
the audit log, but when I change a user password, it shows the unhashed
password in the audit log file:

time: 20120404113336
dn: uid=alberto.viana,OU=G,OU=RJ,dc=my,dc=domain
changetype: modify
replace: userPassword
userPassword: {SSHA}bqBSVbLJpqKCujEC2JC4ysaUUJuTsFe87AoPsQ==
replace: modifiersname


replace: modifytimestamp
modifytimestamp: 20120404143336Z
replace: unhashed#user#password
unhashed#user#password: maisumteste

I already know that is the expected behavior. Is there any way to disable it?

Because I need the audit log but I don't want the user's password to show up in the log file.


0001-Ticket-365-passwords-in-clear-text-in-the-audit-log.patch (5.8 KB) - added by mreynolds 5 years ago.

Change History

comment:1 Changed 5 years ago by nkinder

  • Milestone changed from 0.0 NEEDS_TRIAGE to 1.3.0.rc1

comment:2 Changed 5 years ago by mreynolds

  • Owner changed from rmeggins to mreynolds
  • Status changed from new to assigned

comment:3 Changed 5 years ago by nhosoi

  • Review set to ack

comment:4 Changed 5 years ago by mreynolds

  • Status changed from assigned to closed
  • Resolution set to fixed

git merge ticket365
Updating dc37983..43fb648

ldap/servers/slapd/auditlog.c | 17 +++++++++++++++++
ldap/servers/slapd/libglobs.c | 19 +++++++++++++++++++
ldap/servers/slapd/proto-slap.h | 3 +++
ldap/servers/slapd/slap.h | 2 ++
4 files changed, 41 insertions(+), 0 deletions(-)

[mareynol@localhost servers]$ git push origin master
Counting objects: 17, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (9/9), done.
Writing objects: 100% (9/9), 1.63 KiB, done.
Total 9 (delta 7), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git

dc37983..43fb648 master -> master

comment:5 Changed 5 years ago by nhosoi

  • Red Hat Bugzilla set to 830256

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=830256

comment:6 Changed 4 years ago by nkinder

  • screened set to 1

Added initial screened field value.

comment:7 Changed 4 years ago by rmeggins

  • Milestone changed from 1.3.0.rc1 to 1.3.0.a1

move closed tickets to 1.3.0.a1
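
A scrubber for audit logs that already contain records like the one in the ticket description, as an added example (not code from this ticket or from the 389 DS project): it reports the time and DN of every record carrying an `unhashed#user#password` value and masks the value. The function name, mask string, sample records, and the handling of base64 (`::`) and folded continuation lines are assumptions.

```python
import re

# Matches the value line in plain ("attr: v") and base64 ("attr:: v") LDIF form.
SECRET = re.compile(r"^(unhashed#user#password)::?[ \t]*(.*)$", re.IGNORECASE)

def scrub_audit_log(text, mask="[REDACTED]"):
    """Return (scrubbed_text, findings); findings = (time, dn) per leaking record."""
    out, findings = [], []
    time = dn = None
    in_secret = False  # True while skipping continuation lines of a secret
    for line in text.splitlines():
        if in_secret and line.startswith(" "):
            continue  # assumption: long values may be folded LDIF-style
        in_secret = False
        if line.startswith("time:"):
            time, dn = line[5:].strip(), None  # a "time:" line opens a record
        elif line.lower().startswith("dn:"):
            dn = line[3:].lstrip(":").strip()
        m = SECRET.match(line)
        if m and m.group(2) not in ("", mask):  # already-masked lines are skipped
            findings.append((time, dn))
            line = f"{m.group(1)}: {mask}"
            in_secret = True
        out.append(line)
    return "\n".join(out) + "\n", findings

# Constructed sample in the layout shown in the ticket (all values are made up).
SAMPLE = """\
time: 20120404113336
dn: uid=user.one,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: {SSHA}CONSTRUCTED-HASH-VALUE
replace: unhashed#user#password
unhashed#user#password: constructed-secret-1

time: 20120404113401
dn: uid=user.two,dc=example,dc=com
changetype: modify
replace: unhashed#user#password
unhashed#user#password:: Y29uc3RydWN0ZWQtc2Vj
 cmV0LTI=

time: 20120404113455
dn: uid=user.three,dc=example,dc=com
changetype: modify
replace: description
description: no password change here
"""
```

The findings list identifies the accounts whose passwords were written to the log, so they can be rotated; running the function again on its own output returns no findings.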
