Back to bug 1389673

Who When What Removed Added
Red Hat Bugzilla Rules Engine 2016-10-28 08:06:26 UTC Keywords FutureFeature
Michal Skrivanek 2016-10-29 05:56:30 UTC CC michal.skrivanek
oVirt Team Virt Infra
Oved Ourfali 2016-10-30 14:29:58 UTC CC oourfali
Flags ovirt-future?
Bronce McClain 2017-03-02 01:28:13 UTC CC mperina
Flags needinfo?(mperina)
Martin Perina 2017-03-02 09:57:17 UTC CC gklein
Component RFEs ovirt-engine-extension-aaa-jdbc
Version 1.0.7 2.1.0
Product ovirt-engine-extension-aaa-jdbc Red Hat Enterprise Virtualization Manager
QA Contact omachace
Flags needinfo?(mperina) ovirt-future? planning_ack? testing_ack?
Martin Perina 2017-03-02 09:58:06 UTC QA Contact pstehlik
Martin Perina 2017-03-02 09:59:38 UTC Version 2.1.0 3.6.6
Martin Perina 2017-04-29 14:34:30 UTC Assignee mperina mvoglova
Target Milestone --- ovirt-4.2.0
Martin Perina 2017-05-19 12:57:44 UTC Link ID oVirt gerrit 76498
Keywords ZStream
Status NEW MODIFIED
Target Milestone ovirt-4.2.0 ovirt-4.1.3
Martin Perina 2017-05-19 13:03:51 UTC Blocks 1452668
Target Milestone ovirt-4.1.3 ovirt-4.2.0
Fixed In Version 1.1.5
Pavel Stehlik 2017-05-19 13:04:46 UTC QA Contact pstehlik grafuls
Martin Perina 2017-05-19 13:30:42 UTC Doc Text Feature:

In previous versions administrators had to enter unencrypted password during 'ovirt-aaa-jdbc-tool user password-reset' invocation. Then the password was encrypted inside ovirt-aaa-jdbc-tool and stored into database.

Now administrators can use new option --encrypted, which allows to enter already encrypted password during 'ovirt-aaa-jdbc-tool user password-reset' invocation.

However there are some caveats when providing encrypted passwords:

1. Entering encrypted password means, that password validity tests cannot be performed, so they are skipped and password is accepted even though it doesn't comply with password validation policy.

2. Password has to be encrypted using the same algorithm as configured, otherwise user will not be able to login (we cannot perform any tests that correct encryption algorithm was used). To encrypt password administrators can use '/usr/share/ovirt-engine/bin/ovirt-engine-crypto-tool.sh' tool, which provides 'pbe-encode' command to encrypt password using the default PBKDF2WithHmacSHA1 algorithm.


Reason:

Result:
Doc Type If docs needed, set a value Enhancement
Moran Goldboim 2017-05-21 08:12:25 UTC CC mgoldboi
Pavel Stehlik 2017-05-22 06:50:35 UTC CC pstehlik
Martin Perina 2017-06-20 09:40:40 UTC Status MODIFIED POST
Moran Goldboim 2017-06-22 08:27:30 UTC Priority unspecified medium
Martin Perina 2017-06-26 14:33:12 UTC Status POST MODIFIED
Miroslava Voglova 2017-07-04 11:13:19 UTC Doc Text Feature:

In previous versions administrators had to enter unencrypted password during 'ovirt-aaa-jdbc-tool user password-reset' invocation. Then the password was encrypted inside ovirt-aaa-jdbc-tool and stored into database.

Now administrators can use new option --encrypted, which allows to enter already encrypted password during 'ovirt-aaa-jdbc-tool user password-reset' invocation.

However there are some caveats when providing encrypted passwords:

1. Entering encrypted password means, that password validity tests cannot be performed, so they are skipped and password is accepted even though it doesn't comply with password validation policy.

2. Password has to be encrypted using the same algorithm as configured, otherwise user will not be able to login (we cannot perform any tests that correct encryption algorithm was used). To encrypt password administrators can use '/usr/share/ovirt-engine/bin/ovirt-engine-crypto-tool.sh' tool, which provides 'pbe-encode' command to encrypt password using the default PBKDF2WithHmacSHA1 algorithm.


Reason:

Result: 		Feature:

Previously, administrators had to enter an unencrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'. The password was then encrypted inside ovirt-aaa-jdbc-tool and stored in the database.

This update enables administrators to use the new --encrypted option to enter an already encrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'.

However there are some caveats when providing encrypted passwords:

1. Entering an encrypted password means that password validity tests cannot be performed, so they are skipped and the password is accepted even if it does not comply with the password validation policy.

2. A password has to be encrypted using the same configured algorithm. To encrypt passwords, administrators can use the '/usr/share/ovirt-engine/bin/ovirt-engine-crypto-tool.sh' tool, which provides the 'pbe-encode' command to encrypt passwords using the default PBKDF2WithHmacSHA1 algorithm.


Reason:

Result:
Lukas Svaty 2017-08-23 06:59:08 UTC CC lsvaty
Flags testing_plan_complete?
Lukas Svaty 2017-08-23 11:45:20 UTC Flags testing_plan_complete?
Byron Gravenorst 2017-10-19 00:34:28 UTC CC bgraveno
Doc Text Feature:

Previously, administrators had to enter an unencrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'. The password was then encrypted inside ovirt-aaa-jdbc-tool and stored in the database.

This update enables administrators to use the new --encrypted option to enter an already encrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'.

However there are some caveats when providing encrypted passwords:

1. Entering an encrypted password means that password validity tests cannot be performed, so they are skipped and the password is accepted even if it does not comply with the password validation policy.

2. A password has to be encrypted using the same configured algorithm. To encrypt passwords, administrators can use the '/usr/share/ovirt-engine/bin/ovirt-engine-crypto-tool.sh' tool, which provides the 'pbe-encode' command to encrypt passwords using the default PBKDF2WithHmacSHA1 algorithm.


Reason:

Result: 		Previously, administrators had to enter an unencrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'. The password was then encrypted inside ovirt-aaa-jdbc-tool and stored in the database.

This update enables administrators to use the new --encrypted option to enter an already encrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'.

However, there are some caveats when providing encrypted passwords:

1. Entering an encrypted password means that password validity tests cannot be performed, so they are skipped and the password is accepted even if it does not comply with the password validation policy.

2. A password has to be encrypted using the same configured algorithm. To encrypt passwords, administrators can use the '/usr/share/ovirt-engine/bin/ovirt-engine-crypto-tool.sh' tool, which provides the 'pbe-encode' command to encrypt passwords using the default PBKDF2WithHmacSHA1 algorithm.
Byron Gravenorst 2017-10-19 01:10:35 UTC Blocks 1503872
errata-xmlrpc 2017-11-03 19:30:24 UTC Status MODIFIED ON_QA
Martin Perina 2017-11-03 19:31:31 UTC Target Release --- 4.2.0
Lucie Leistnerova 2017-11-21 12:08:34 UTC CC lleistne
QA Contact grafuls lleistne
Lucie Leistnerova 2017-11-22 07:43:59 UTC Status ON_QA VERIFIED
Yaniv Lavi 2017-11-22 10:35:51 UTC CC ylavi
Avital Pinnick 2017-11-22 10:44:10 UTC CC apinnick
Oved Ourfali 2018-01-09 16:41:57 UTC CC oourfali
PnT Account Manager 2018-02-08 15:13:25 UTC Assignee mvoglova mperina
Pavel Stehlik 2018-03-07 12:26:03 UTC Flags testing_plan_complete+
Billy Burmester 2018-05-09 01:04:54 UTC CC bburmest
auto-bz-updater 2018-05-15 00:08:32 UTC Status VERIFIED RELEASE_PENDING
errata-xmlrpc 2018-05-15 17:35:23 UTC Status RELEASE_PENDING CLOSED
Resolution --- ERRATA
Last Closed 2018-05-15 13:35:23 UTC
errata-xmlrpc 2018-05-15 17:35:35 UTC Link ID Red Hat Product Errata RHEA-2018:1482
Gil Klein 2019-04-28 09:17:16 UTC CC gklein

Back to bug 1389673