SOLVED Active Directory - Fog 1.5.5

  • Testers

    the fog GUI is now showing the unencrypted password for joining the domain when you press the eyeball.
    Ho do I would like to have it not show the password if possible.

    alt text

  • Testers

    @Tom-Elliott Thanks!

    For now, I have created a fog AD user that has rights to join the domain. the only issue with that is the helpdesk tech needs to have one of the domain admins remove the PC from AD if it’s preexisting.

  • I’ve added a globalized switch for allowing the admins to have the eye display/hide the password. By default the schema will set the “Enabling” to on (which is the current functionality.)

    Unfortunately, I don’t know if this can be brought into 1.5.x

    Not because we couldn’t add it, but because of the divergence between 1.5.x and 1.6

    I’ve added the code to 1.6 base code however and tested that it was working properly. Hopefully we can have a 1.6 pushed out relatively soon.

  • Testers

    I am good with either. I just don’t want my help desk techs seeing the password.


  • I’ve not added a feature to disable/enable seeing passwords. I suppose it’d be a simple enough feature to add.

    We moved away from storing the password in encrypted form as it held no value. The IV and Key used to encrypt the password was stored with it and could easily be circumvented. That, and the password was being sent “in the clear” to the machine (though the data being sent itself was encrypted.)

    While adding the feature itself isn’t that hard, this becomes a question of do we have this full scale, or only for specific password fields. For simplicity globally allowing/disallowing viewing passwords would be the quickest and, most likely, safest option. But that doesn’t really mean much. A person can still go in and change the password. While you’re right that viewing it wouldn’t be an option (and I am pretty sure Copying a password in password form field isn’t possible) this still doesn’t quite fix the problem either. A person simply can change the type of the field to text and still view the password.