Remove password field from Kerberos

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 1.32.4
    • Affects Version/s: None
    • Component/s: Connectivity
    • None
    • 1
    • Iteration Eel, Iteration Fish
    • Not Needed

      Remove password field from Kerberos by default and hide behind the feature flag: process.env.COMPASS_ENABLE_KERBEROS_PASSWORD_FIELD

      For context, this field should be only rarely necessary as a last resort in environments where the Kerberos auth is not working as intended. But causes issues with a working setup: customers reported that users try to fill the field and potentially expose their system password through connection string and screencasts.

              Assignee:
              Anna Henningsen
              Reporter:
              Maurizio Casimirri
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: