28 May
2008
28 May
'08
1:05 p.m.
Stefan Winter wrote:
Funny enough, our own Nagios suffers from the exact same (noticed that just a few minutes later as our migration went on). That config is even simpler. It seems like a stanza like:
update control { Cleartext-Password := "something" }
is enough to erase the User-Password from the server's request list.
No... the password is cached in request->password, in *addition* to being in the request list. If that pointer gets mangled, then a module will think that the password doesn't exist, even though it does. This *should* have been fixed in 2.0.4. But the underlying solution is to get rid of request->password altogether. Alan DeKok.