From 236a2d2bcd422d8ab52577776985c81a85ebbdf7 Mon Sep 17 00:00:00 2001
From: Hitoshi Mitake <h.mitake@gmail.com>
Date: Sun, 26 Apr 2020 23:23:02 +0900
Subject: [PATCH] etcdserver: don't let InternalAuthenticateRequest have
 password

---
 etcdserver/v3_server.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/etcdserver/v3_server.go b/etcdserver/v3_server.go
index 3f80afb60bf..f2d2461cee9 100644
--- a/etcdserver/v3_server.go
+++ b/etcdserver/v3_server.go
@@ -441,9 +441,10 @@ func (s *EtcdServer) Authenticate(ctx context.Context, r *pb.AuthenticateRequest
 			return nil, err
 		}
 
+		// internalReq doesn't need to have Password because the above s.AuthStore().CheckPassword() already did it.
+		// In addition, it will let a WAL entry not record password as a plain text.
 		internalReq := &pb.InternalAuthenticateRequest{
 			Name:        r.Name,
-			Password:    r.Password,
 			SimpleToken: st,
 		}