Closed
Open
Opened Nov 12, 2020 by jbecot (@jbecot, Reporter)

add an option to output clear password when we use --encrypt-passwords

Requirements

  • Filling out the template is required. Any Enhancement request that does not include enough information to be reviewed in a timely manner may be closed at the maintainers' discretion.
  • All new code requires tests to ensure against regressions

Descriptive title for this enhancement

add an option to fusiondirectory-setup to output clear password when we use --encrypt-passwords

Actual behavior

Not implemented

Expected behavior

fusiondirectory-setup --check-config-password <environment(default = default)> displays my_clear_password

Step by step description of new behaviour

  1. Add the option

Benefits

  • Admins inheriting FD installations can decrypt the password
  • Automation tools like Ansible or Puppet have a way to validate a password against the encrypted one without crafting a clear-password config and re-encrypting on each run (showing a change when there is none)
  • For the previous point, leaving encryption to FD is better than letting third-party tools mimic FD behavior, leading to obsolete tooling if you decide to change the encryption process

Possible Drawbacks

  • This code changes the argument-reading loop and may have undesired side effects (though it shouldn't)
  • A simple way for an attacker to decrypt the password (but reading the tool's Perl source is easy enough to do it without)
Reference: fusiondirectory/fd#6125