ensure no passwords are logged

a1fb07a1 · Lars Beckers · 1793f1d7 · a1fb07a1 · a1fb07a1
Commit a1fb07a1 authored 8 years ago by Lars Beckers
--- a/ad-auth/tasks/sssd.yml
+++ b/ad-auth/tasks/sssd.yml
@@ -30,6 +30,7 @@
    - name: get a kerberos ticket
      shell: echo "{{ lookup('passwordstore', 'samba-admin') }}" | kinit Administrator
      when: debian_version == "jessie"
+      no_log: True
    - name: ensure pexpect is installed
      apt: name=python-pexpect state=installed
      when: debian_version == "stretch"
@@ -39,6 +40,7 @@
        responses:
          "Password for Administrator.*": "{{ lookup('passwordstore', 'samba-admin') }}"
      when: debian_version == "stretch"
+      no_log: True
    - name: leave any other realm
      command: realm leave
      register: result

--- a/ad-server/tasks/main.yml
+++ b/ad-server/tasks/main.yml
@@ -32,6 +32,7 @@
  local_action: pass name="samba-admin" state=present generate=20 store=FSMPI_PASSWORD_STORE_DIR limit=yes
  register: adminpass
  when: domain_provisioned.stat.exists == False
+  no_log: True
  tags:
    - ad-server
    - domain-provision
@@ -44,6 +45,7 @@
 - name: ensure domain is provisioned
  shell: samba-tool domain provision --use-rfc2307 --domain={{ smb_domain }} --server-role=dc --host-name={{ ansible_hostname }} --realm={{ REALM }} --dns-backend=NONE --adminpass={{ adminpass.password }}  2> /root/smb-provision.log
  when: domain_provisioned.stat.exists == False
+  no_log: True
  tags: 
    - ad-server
    - domain-provision