password in clear in keystone.log

Bug #1166697 reported by David Geng
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
OpenStack Identity (keystone) | Fix Released | Low | David Geng |
Grizzly | Fix Released | Low | Dolph Mathews |

Bug Description

Found pwd in clear in the keystone.log file when enabling the --debug option, running:
source /root/keystonerc --debug
i.e.:
 (keystone.common.wsgi): 2013-03-14 06:58:39,547 DEBUG openstack.params = {u'auth': {u'tenantName': u'admin', u'passwordCredentials': {u'username': u'admin', u'password': u'os5adm'}}}
 (keystone.common.wsgi): 2013-03-14 06:58:39,547 DEBUG openstack.params = {u'auth': {u'tenantName': u'admin', u'passwordCredentials': {u'username': u'admin', u'password': u'os5adm'}}}

David Geng (genggjh) wrote :

There is a related bug, https://bugs.launchpad.net/horizon/+bug/1004114, but the solution was just to add some comments in keystone.conf.sample, which does not make sense for our customer.

David Geng (genggjh)
information type: Private Security → Public
David Geng (genggjh)
Changed in keystone:
assignee: nobody → David Geng (genggjh)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/26487

Changed in keystone:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/26487
Committed: http://github.com/openstack/keystone/commit/0dc1ad1e9c47aa7b04b944e88b071ea1a646ae91
Submitter: Jenkins
Branch: master

commit 0dc1ad1e9c47aa7b04b944e88b071ea1a646ae91
Author: gengjh <email address hidden>
Date: Tue Apr 9 22:13:31 2013 +0800

    Replace password to "***" in the debug message

    Use regex pattern to replace password to "***" for both env vars and
    request body output

    Fix bug 1166697

    Change-Id: I671ea25cca78b4dea1fbf2e63c89b82912279f2d

Changed in keystone:
status: In Progress → Fix Committed
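
The commit message above describes masking the password with a regex for both environment variables and the request body output. A sketch of that approach as a Python logging filter follows; it is an added example, not the Keystone patch, and the key list, the names `mask_password` and `MaskPasswordFilter`, the logger name and the sample values are assumptions constructed for illustration.

```python
import io
import logging
import re

SECRET = "***"
# Key names treated as sensitive: an assumption for this example.
_KEY = r"\w*(?:password|passwd|secret)"
# dict repr or JSON body: u'password': u'x', 'password': 'x', "password": "x"
_QUOTED = re.compile(
    r"""(u?(['"])%s\2\s*:\s*u?)(['"])(?:\\.|(?!\3).)*\3""" % _KEY, re.I)
# environment-style assignment: OS_PASSWORD=x
_ASSIGN = re.compile(r"""(\b%s\s*=\s*)[^\s,;&'"]+""" % _KEY, re.I)


def mask_password(text, secret=SECRET):
    """Return text with the values of sensitive keys replaced by secret."""
    text = _QUOTED.sub(
        lambda m: m.group(1) + m.group(3) + secret + m.group(3), text)
    return _ASSIGN.sub(lambda m: m.group(1) + secret, text)


class MaskPasswordFilter(logging.Filter):
    """Redact records before any handler formats or writes them."""

    def filter(self, record):
        # Render msg % args first, so a dict passed as a log argument
        # (as in "openstack.params = %s") is covered as well.
        record.msg = mask_password(record.getMessage())
        record.args = ()
        return True


def demo():
    """Log constructed sample data through the filter; return the output."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    # Attached to the handler, the filter sees records from every logger
    # that reaches it; a filter on a logger does not see child loggers.
    handler.addFilter(MaskPasswordFilter())
    log = logging.getLogger("example.wsgi")  # hypothetical logger name
    log.addHandler(handler)
    log.setLevel(logging.DEBUG)
    log.propagate = False
    params = {"auth": {"tenantName": "admin", "passwordCredentials": {
        "username": "admin", "password": "example-pw"}}}  # constructed
    log.debug("openstack.params = %s", params)
    log.debug("env: OS_USERNAME=admin OS_PASSWORD=example-pw")
    return stream.getvalue()


if __name__ == "__main__":
    print(demo())
```

Pattern-based masking only covers the key names and value formats it was written for, so a secret logged under another name or in another encoding still reaches the log.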
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/28657

OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/28657
Committed: http://github.com/openstack/keystone/commit/13f8dc829f6a2cadfc8dbcf88c1d632558531e6c
Submitter: Jenkins
Branch: master

commit 13f8dc829f6a2cadfc8dbcf88c1d632558531e6c
Author: gengjh <email address hidden>
Date: Thu May 9 13:54:27 2013 +0800

    A minor refactor in wsgi.py

    A minor refactor to move the code up in the file as suggested by termie
    and henry regarding the review comments in
    https://review.openstack.org/#/c/26487/

    Fix bug 1166697

    Change-Id: I890415c755dd383749f2d4382f53d0b3a6badc6c

OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/grizzly)

Fix proposed to branch: stable/grizzly
Review: https://review.openstack.org/28927

OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: stable/grizzly
Review: https://review.openstack.org/29878

Thierry Carrez (ttx)
Changed in keystone:
milestone: none → havana-1
status: Fix Committed → Fix Released
David Geng (genggjh)
tags: added: grizzly-backport-potential
Dolph Mathews (dolph)
Changed in keystone:
importance: Undecided → Low
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/grizzly)

Reviewed: https://review.openstack.org/28927
Committed: http://github.com/openstack/keystone/commit/912c3668dce8ffc827201e14336f7d09570c7e31
Submitter: Jenkins
Branch: stable/grizzly

commit 912c3668dce8ffc827201e14336f7d09570c7e31
Author: gengjh <email address hidden>
Date: Tue Apr 9 22:13:31 2013 +0800

    Replace password to "***" in the debug message

    Use regex pattern to replace password to "***" for both env vars and
    request body output

    Also includes a minor refactor to move the code up in the file as
    suggested by termie and henry regarding the review comments in
    https://review.openstack.org/#/c/26487/
    (Original Change-Id: I890415c755dd383749f2d4382f53d0b3a6badc6c)

    Fix bug 1166697

    Change-Id: I671ea25cca78b4dea1fbf2e63c89b82912279f2d

Alan Pevec (apevec)
tags: removed: grizzly-backport-potential
Thierry Carrez (ttx)
Changed in keystone:
milestone: havana-1 → 2013.2