search

freeipa / ansible-freeipa

Ansible roles and modules for FreeIPA
GNU General Public License v3.0
489 stars 232 forks source link

[role/ipasmartcard_client] Password leaking in cleartext #1278

Open EmptyByte opened 1 month ago

EmptyByte commented 1 month ago

In the following task:

  - name: Authenticate using kinit with password for "{{ ipaadmin_principal }}"
    ansible.builtin.command: kinit "{{ ipaadmin_principal }}"
    args:
      stdin: "{{ ipaadmin_password }}"
    when: ipaadmin_password is defined

Please add a no_log: true.