Comment 15 for bug 1572796
Revision history for this message
| aeva black (tenbrae) wrote Re: Complete node information available to unathenticated users, if they know MAC address of Node | #15 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Dmitry, while I agree that IPA shouldn't be using that info, I don't know what folks might be doing with downstream HardwareManagers in IPA. As this is part of the API we're currently providing, and this patch needs to be backported to stable branches, my view in developing these patches was to make the least possible change (just mask the password).
There's still a risk that someone, somewhere, has used the IPMI password in the agent, and this change will break them -- and I'm willing to accept that risk in order to close this hole.