Skip to content
Snippets Groups Projects
Commit a1fb07a1 authored by Lars Beckers's avatar Lars Beckers
Browse files

ensure no passwords are logged

parent 1793f1d7
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
ad-auth/tasks/sssd.yml
+ 2
0
View file @ a1fb07a1
...@@ -30,6 +30,7 @@ ...@@ -30,6 +30,7 @@
- name: get a kerberos ticket - name: get a kerberos ticket
shell: echo "{{ lookup('passwordstore', 'samba-admin') }}" | kinit Administrator shell: echo "{{ lookup('passwordstore', 'samba-admin') }}" | kinit Administrator
when: debian_version == "jessie" when: debian_version == "jessie"
no_log: True
- name: ensure pexpect is installed - name: ensure pexpect is installed
apt: name=python-pexpect state=installed apt: name=python-pexpect state=installed
when: debian_version == "stretch" when: debian_version == "stretch"
...@@ -39,6 +40,7 @@ ...@@ -39,6 +40,7 @@
responses: responses:
"Password for Administrator.*": "{{ lookup('passwordstore', 'samba-admin') }}" "Password for Administrator.*": "{{ lookup('passwordstore', 'samba-admin') }}"
when: debian_version == "stretch" when: debian_version == "stretch"
no_log: True
- name: leave any other realm - name: leave any other realm
command: realm leave command: realm leave
register: result register: result
......
ad-server/tasks/main.yml
+ 2
0
View file @ a1fb07a1
...@@ -32,6 +32,7 @@ ...@@ -32,6 +32,7 @@
local_action: pass name="samba-admin" state=present generate=20 store=FSMPI_PASSWORD_STORE_DIR limit=yes local_action: pass name="samba-admin" state=present generate=20 store=FSMPI_PASSWORD_STORE_DIR limit=yes
register: adminpass register: adminpass
when: domain_provisioned.stat.exists == False when: domain_provisioned.stat.exists == False
no_log: True
tags: tags:
- ad-server - ad-server
- domain-provision - domain-provision
...@@ -44,6 +45,7 @@ ...@@ -44,6 +45,7 @@
- name: ensure domain is provisioned - name: ensure domain is provisioned
shell: samba-tool domain provision --use-rfc2307 --domain={{ smb_domain }} --server-role=dc --host-name={{ ansible_hostname }} --realm={{ REALM }} --dns-backend=NONE --adminpass={{ adminpass.password }} 2> /root/smb-provision.log shell: samba-tool domain provision --use-rfc2307 --domain={{ smb_domain }} --server-role=dc --host-name={{ ansible_hostname }} --realm={{ REALM }} --dns-backend=NONE --adminpass={{ adminpass.password }} 2> /root/smb-provision.log
when: domain_provisioned.stat.exists == False when: domain_provisioned.stat.exists == False
no_log: True
tags: tags:
- ad-server - ad-server
- domain-provision - domain-provision
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment