add an option to output clear password when we use --encrypt-passwords
add an option to output clear password when we use --encrypt-passwords
Descriptive title for this enhancement
add an option to fusiondirectory-setup to output clear password when we use --encrypt-passwords
Actual behavior
Not implemented
Expected behavior
fusiondirectory-setup --check-config-password <environment(default = default)> displays my_clear_password
Step by step description of new behaviour
- Add the option
Benefits
- Admins inheriting FD installations can decrypt password
- Automation tools like Ansible or puppet have a way to validate a password against the encrypted one without crafting clear password config and reencrypt on each run (showing a change when there is not)
- For the previous point leaving encryption to FD is better than let 3rd party tools mimic FD behavior, leading to an obsolete tooling if you decide to change the encryption process
Possible Drawbacks
- This code change the argument reading loop and may have undesired side effects (though it shouldn't)
- A simple way to decrypt password for an attacker (but reading at the tool perl source is easy enough to do it without)
Activity
assigned to @bmortier
By bmortier on 2020-12-03T16:30:32 (imported from GitLab)
changed milestone to %FusionDirectory 1.4
added PJ1802-0188 fusiondirectory-setup labels
mentioned in commit 618b0799
By Côme Chilliet on 2021-02-02T10:11:06 (imported from GitLab)
added To Be Tested label
assigned to @jswaelens and unassigned @bmortier
By bmortier on 2021-02-22T07:17:45 (imported from GitLab)
assigned to @bmortier and unassigned @jswaelens
By bmortier on 2021-07-29T18:48:28 (imported from GitLab)
removed To Be Tested label
added Added label
marked this issue as related to #6124 (closed)
By Côme Chilliet on 2021-09-14T12:55:17 (imported from GitLab)
