A command like $ samba-tool domain leave -U alice should not say WARNING: Using passwords on command line is insecure. Installing the setproctitle python module will hide these from shortly after program start. because no password was used. Yet it does.
(In reply to Douglas Bagnall from comment #0) Well yes, a password hasn't been entered (yet), but what does the next line (as printed to screen) ask for ? Or to put it another way, the message should be something like 'Using passwords over the network is insecure, please install the python setproctitle module'
(In reply to Rowland Penny from comment #1) This message is not about passwords over the network, which setproctitle won't affect. It is about what gets saved in the /proc. So if you go $ samba-tool domain leave -UAdministrator%secretsecret what you would see with `ps` etc is "samba-tool domain leave -UAdministrator", so spies on your computer can't find out the password. If you don't have python3-setproctitle installed, it can't do that, so it does the warning. But if your command line was $ samba-tool domain leave -UAdministrator and it prompts you for the password, the password isn't going to be saved in /proc and there's no danger, hence no need for the warning.
This bug was referenced in samba master: f3b240da5c209a51fa43de23e8ecfea2f32bbfd5
This bug was referenced in samba v4-19-test: efd989ac3e0730b54a6812ee8426da7ea4cbc581
This bug was referenced in samba v4-20-test: 5d99875ba0fb14ff1e1fa64c904c94751b4db103
This bug was referenced in samba v4-20-stable (Release samba-4.20.3): 5d99875ba0fb14ff1e1fa64c904c94751b4db103
This bug was referenced in samba v4-19-stable (Release samba-4.19.8): efd989ac3e0730b54a6812ee8426da7ea4cbc581