Comments (7)
What other secrets could there be here that we need to handle?
from sos.
Some passwords may go to the logs as well, if the verbosity is set high enough.
from sos.
Ugh.. I'm not sure without more detail whether to consider that as an application bug or not. I think it's hard to justify logging authentication secrets without an extremely good reason (like: you're debugging the use of those secrets but that should really be a developer/build option not a config setting).
But if that's the way it is we probably still need to cope with it - as long as the secrets are easily substitutable we can handle that.
from sos.
/etc/keystone/keystonce.conf which contains:
[keystone_authtoken]
...
admin_password = servicepass
[keystone_authtoken] section is not in keystone.conf but in
/etc/nova/nova.conf
/etc/glance/glance-*.conf
/etc/cinder/cinder.conf
/etc/quantum/quantum.conf
Privacy-sensitive parameters in keystone.conf are:
[DEFAULT]
admin_token = XXXXXXXXXXXX
[sql]
connection = mysql://keystone:XXXXXX@localhost/keystone
[ldap]
password = XXXXXXXX
from sos.
Some passwords may go to the logs as well, if the verbosity is set high enough.
Please file bugs, passwords should never be logged!
from sos.
[keystone_authtoken] section is not in keystone.conf but in
/etc/nova/nova.conf
/etc/glance/glance-*.conf
/etc/cinder/cinder.conf
/etc/quantum/quantum.conf
Whats the details on these files as far as keystone_authtoken is concerned?
from sos.
fixed in 6c5f4a9
from sos.
Related Issues (20)
- cleaner does not obfuscate entire passwords that have spaces HOT 3
- [ipa] missing /var/log/ipaserver-enable-sid.log
- collect --clean run on two sosreports of the same system hangs (or segfaults) HOT 2
- [ipa] missing /var/log/ipaepn.log
- Request to be a member of the project from Canonical/Ubuntu perspective HOT 3
- [grafana] Collect data for snap installation
- Some MAAS config files missing from collection HOT 3
- [tests] FullCleanTest.test_private_map_was_generated timeouts when running in container HOT 5
- [man] Update maintainer mail address HOT 4
- Add Openstack Sunbeam plugin
- do_file_sub error with "global flags not at the start of the expression at position 1" for juju plugin on ubuntu HOT 8
- Error when collecting sosreport from live environment: `Could not enumerate network devices: [Errno 2] No such file or directory: '/mnt/sys/class/net'` HOT 21
- python 3.12: sos crashes because of `ConfigParser`
- Usage of deprecated python API
- ceph_osd is triggered on mon/mgr nodes , and mon/mgr plugins are triggered on osd nodes HOT 2
- Add exclude of application core dumps in all directories. HOT 5
- Fix PEP706 warning HOT 6
- containerd plugin does not enable when containerd is installed from docker repo
- ubuntu plugin loads "tls" module HOT 1
- sos report can load overlay kmod HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sos.