FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 04-04-2012, 02:42 PM
Alberto Viana
 
Default Audit log - clear text password in user changes

I have an 389 DS (version 1.2.10.2) *with AD replication and I enabled the audit log, but when I change a user password, shows the unhashed password in the audit log file:
time: 20120404113336
dn: uid=alberto.viana,OU=G,OU=RJ,dc=my,dc=domainchange type: modifyreplace: userPassworduserPassword: {SSHA}bqBSVbLJpqKCujEC2JC4ysaUUJuTsFe87AoPsQ==-replace: modifiersname
modifiersname: uid=admin,ou=administrators,ou=topologymanagement, o=netscaperoo*t-replace: modifytimestampmodifytimestamp: 20120404143336Z-replace: unhashed#user#password
unhashed#user#password: maisumteste-
Is the expected behavior? Can I configure to just not show the unhashed password? Because I need the audit log.

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 04-04-2012, 02:48 PM
Rich Megginson
 
Default Audit log - clear text password in user changes

On 04/04/2012 08:42 AM, Alberto Viana wrote:
I have an 389 DS (version 1.2.10.2) *with AD
replication and I enabled the audit log, but when I change a user
password, shows the unhashed password in the audit log file:




time: 20120404113336
dn: uid=alberto.viana,OU=G,OU=RJ,dc=my,dc=domain
changetype: modify
replace: userPassword
userPassword:
{SSHA}bqBSVbLJpqKCujEC2JC4ysaUUJuTsFe87AoPsQ==
-
replace: modifiersname
modifiersname:
uid=admin,ou=administrators,ou=topologymanagement, o=netscaperoo
*t
-
replace: modifytimestamp
modifytimestamp: 20120404143336Z
-
replace: unhashed#user#password
unhashed#user#password: maisumteste
-



Is the expected behavior?


Yes.



Can I configure to just not show the unhashed password?


No



Because I need the audit log.


Please file a ticket at https://fedorahosted.org/389












--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users





--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 08:38 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org