Bug #4313: Do not pass clear text password as authenticate module parameter - OpenNebula - OpenNebula Development pages

Bug #4313

Do not pass clear text password as authenticate module parameter

Added by EOLE Team over 5 years ago.

Status:

Pending

Start date:

01/28/2016

Priority:

Normal

Due date:

Assignee:

% Done:

Category:

Drivers - Auth

Target version:

Resolution:

Pull request:

Affected Versions:

OpenNebula 4.14

Description

Hello,

Doing some sysadmin stuff on the frontend, I see in a ps output the password of users:

 2256 ?        SNl    0:00  \_ ruby /usr/lib/one/mads/one_auth_mad.rb --authn ssh,x509,ldap,server_cipher,server_x509
 2441 ?        SN     0:00      \_ sh -c /var/lib/one/remotes/auth/ldap/authenticate dad uid\=dad,ou\=utilisateurs,ou\=eole,ou\=education,o\=gouv,c\=fr SomePasswordInClearText ; echo ExitCode: $? 1>&2
 2444 ?        SNl    0:00      |   \_ ruby /var/lib/one/remotes/auth/ldap/authenticate dad uid=dad,ou=utilisateurs,ou=eole,ou=education,o=gouv,c=fr SomePasswordInClearText
 2475 ?        SN     0:00      \_ sh -c /var/lib/one/remotes/auth/ldap/authenticate dad uid\=dad,ou\=utilisateurs,ou\=eole,ou\=education,o\=gouv,c\=fr SomePasswordInClearText ; echo ExitCode: $? 1>&2
 2477 ?        SNl    0:00          \_ ruby /var/lib/one/remotes/auth/ldap/authenticate dad uid=dad,ou=utilisateurs,ou=eole,ou=education,o=gouv,c=fr SomePasswordInClearText

Two options to avoid it:

use an environment variable
use stdin

Regards.

Also available in: Atom PDF

OpenNebula

Issues

Custom queries

Bug #4313

Do not pass clear text password as authenticate module parameter