password in clear in keystone.log

Bug #1166697 reported by David Geng on 2013-04-09
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Low
David Geng
Grizzly
Low
Dolph Mathews

Bug Description

Found pwd in clear in keystone.log file enabling the --debug option running :
source /root/keystonerc --debug
i.e:
 (keystone.common.wsgi): 2013-03-14 06:58:39,547 DEBUG openstack.params = {u'auth': {u'tenantName': u'admin', u'passwordCredentials': {u'username': u'admin', u'password': u'os5adm'}}}
 (keystone.common.wsgi): 2013-03-14 06:58:39,547 DEBUG openstack.params = {u'auth': {u'tenantName': u'admin', u'passwordCredentials': {u'username': u'admin', u'password': u'os5adm'}}}

David Geng (genggjh) wrote :

There is bug related https://bugs.launchpad.net/horizon/+bug/1004114, but the solution was just add some comments in keystone.conf.sample which does not make sense for our customer.

David Geng (genggjh) on 2013-04-09
information type: Private Security → Public
David Geng (genggjh) on 2013-04-09
Changed in keystone:
assignee: nobody → David Geng (genggjh)

Fix proposed to branch: master
Review: https://review.openstack.org/26487

Changed in keystone:
status: New → In Progress

Reviewed: https://review.openstack.org/26487
Committed: http://github.com/openstack/keystone/commit/0dc1ad1e9c47aa7b04b944e88b071ea1a646ae91
Submitter: Jenkins
Branch: master

commit 0dc1ad1e9c47aa7b04b944e88b071ea1a646ae91
Author: gengjh <email address hidden>
Date: Tue Apr 9 22:13:31 2013 +0800

    Replace password to "***" in the debug message

    Use regex pattern to replace password to "***" for both env vars and
    request body output

    Fix bug 1166697

    Change-Id: I671ea25cca78b4dea1fbf2e63c89b82912279f2d

Changed in keystone:
status: In Progress → Fix Committed

Reviewed: https://review.openstack.org/28657
Committed: http://github.com/openstack/keystone/commit/13f8dc829f6a2cadfc8dbcf88c1d632558531e6c
Submitter: Jenkins
Branch: master

commit 13f8dc829f6a2cadfc8dbcf88c1d632558531e6c
Author: gengjh <email address hidden>
Date: Thu May 9 13:54:27 2013 +0800

    A minor refactor in wsgi.py

    A minor refactor to move the code up in the file as suggested by termie
    and henry regarding the review comments in
    https://review.openstack.org/#/c/26487/

    Fix bug 1166697

    Change-Id: I890415c755dd383749f2d4382f53d0b3a6badc6c

Fix proposed to branch: stable/grizzly
Review: https://review.openstack.org/29878

Thierry Carrez (ttx) on 2013-05-29
Changed in keystone:
milestone: none → havana-1
status: Fix Committed → Fix Released
David Geng (genggjh) on 2013-06-06
tags: added: grizzly-backport-potential
Dolph Mathews (dolph) on 2013-06-06
Changed in keystone:
importance: Undecided → Low

Reviewed: https://review.openstack.org/28927
Committed: http://github.com/openstack/keystone/commit/912c3668dce8ffc827201e14336f7d09570c7e31
Submitter: Jenkins
Branch: stable/grizzly

commit 912c3668dce8ffc827201e14336f7d09570c7e31
Author: gengjh <email address hidden>
Date: Tue Apr 9 22:13:31 2013 +0800

    Replace password to "***" in the debug message

    Use regex pattern to replace password to "***" for both env vars and
    request body output

    Also includes a minor refactor to move the code up in the file as
    suggested by termie and henry regarding the review comments in
    https://review.openstack.org/#/c/26487/
    (Original Change-Id: I890415c755dd383749f2d4382f53d0b3a6badc6c)

    Fix bug 1166697

    Change-Id: I671ea25cca78b4dea1fbf2e63c89b82912279f2d

Alan Pevec (apevec) on 2013-08-05
tags: removed: grizzly-backport-potential
Thierry Carrez (ttx) on 2013-10-17
Changed in keystone:
milestone: havana-1 → 2013.2
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers