Dmitry, while I agree that IPA shouldn't be using that info, I don't know what folks might be doing with downstream HardwareManagers in IPA. As this is part of the API we're currently providing, and this patch needs to be backported to stable branches, my view in developing these patches was to make the least possible change (just mask the password).
There's still a risk that someone, somewhere, has used the IPMI password in the agent, and this change will break them -- and I'm willing to accept that risk in order to close this hole.
Dmitry, while I agree that IPA shouldn't be using that info, I don't know what folks might be doing with downstream HardwareManagers in IPA. As this is part of the API we're currently providing, and this patch needs to be backported to stable branches, my view in developing these patches was to make the least possible change (just mask the password).
There's still a risk that someone, somewhere, has used the IPMI password in the agent, and this change will break them -- and I'm willing to accept that risk in order to close this hole.