Hi, I'm trying to reproduce this bug to see if it's still valid, but so far I haven't had much success. I tried crafting a /etc/sssd/sssd.conf using Jens' diff, but after using sss_obfuscate on it I only see a small excerpt being added to the end of the config file, and no lines being removed.
I also looked at upstream's bug reports and tried finding something related to this. There are some sss_obfuscate bugs that have been fixed over the years, but nothing that really resembles this one.

Jens, would it be possible for you to check if this bug is still reproducible, and to provide reproduction steps please? Meanwhile, I will set this bug as Incomplete.

Moreover, I would like to post a comment made by one of the sssd developers regarding sss_obfuscate:

====
First, an aside: please do not use the sss_obfuscate tool. It is virtually useless and provides zero security benefit. It was added to placate a customer who was paying a brain-dead auditor to review their use of the code.

Obfuscated passwords are 100% reversible encryption. Anyone who has access to the sssd.conf can trivially reverse the password and get its plaintext password. They need only take a look at the well-commented source code of the sss_obfuscate tool.

Given that the sssd.conf file is already forced to be readable only by root, the obfuscation is an unnecessary option that only gives an illusion of added security, we strongly recommend against using it at all.
====

With that in mind, and assuming that the bug is still valid, I consider it to be low priority.

Thanks.

** Changed in: sssd (Ubuntu)
   Status: New => Incomplete

--
https://bugs.launchpad.net/bugs/1430143

Title:
  sss_obfuscate breaks /etc/sssd/sssd.conf
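The developer comment quoted above treats an obfuscated bind password as equivalent to plaintext and relies on sssd.conf being readable only by root. The following is an added example (not from the bug report or the sssd project) that audits both points. The sample config, its domain name and the finding wording are constructed, and the root-only check is an assumption taken from the quoted comment.

```python
import configparser
import os
import stat

# Constructed sample config; the domain name and values are made up.
SAMPLE_CONF = """\
[sssd]
services = nss, pam
domains = example.test

[domain/example.test]
id_provider = ldap
ldap_uri = ldaps://ldap.example.test
ldap_default_bind_dn = cn=sssd,dc=example,dc=test
ldap_default_authtok_type = obfuscated_password
ldap_default_authtok = CONSTRUCTED-PLACEHOLDER-BLOB
"""

def audit_sssd_conf(text, mode, uid):
    """Return findings for one sssd.conf given its text, st_mode and st_uid."""
    findings = []
    # Assumption from the quoted comment: the file must be readable only by root.
    if uid != 0:
        findings.append("owner is uid %d, expected root" % uid)
    if stat.S_IMODE(mode) & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o grants group/other access" % stat.S_IMODE(mode))
    # interpolation=None: stored secrets may legitimately contain '%'.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    for section in parser.sections():
        tok_type = parser.get(section, "ldap_default_authtok_type", fallback="password")
        if tok_type.strip().lower() == "obfuscated_password":
            findings.append("[%s] uses obfuscated_password: reversible, treat as plaintext" % section)
        elif parser.has_option(section, "ldap_default_authtok"):
            findings.append("[%s] stores a plaintext bind password" % section)
    return findings

def audit_path(path="/etc/sssd/sssd.conf"):
    """Audit a file on disk; the caller needs read access to it."""
    st = os.stat(path)
    with open(path, encoding="utf-8") as fh:
        return audit_sssd_conf(fh.read(), st.st_mode, st.st_uid)

if __name__ == "__main__":
    # Simulate a world-readable file owned by root.
    for finding in audit_sssd_conf(SAMPLE_CONF, 0o100644, 0):
        print(finding)
```

Either finding about a stored bind secret means the file permissions are the only control protecting that credential.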