Bug 1022484

Summary: satpasswd on a FIPS enabled Satellite produces error
Product: Red Hat Satellite 5
Reporter: Milan Zázrivec <mzazrivec>
Component: Server
Assignee: Michael Mráka <mmraka>
Status: CLOSED CURRENTRELEASE
QA Contact: Pavel Studeník <pstudeni>
Severity: unspecified
Priority: unspecified
Version: 560
CC: cperry, jhutar, pstudeni
Hardware: Unspecified
OS: Unspecified
Fixed In Version: spacewalk-backend-2.3.3-9-sat
Doc Type: Bug Fix
Last Closed: 2015-01-26 11:57:59 UTC
Type: Bug
Bug Blocks: 843620

Description Milan Zázrivec 2013-10-23 11:47:13 UTC
Description of problem:
Running satpasswd utility on a FIPS enabled Satellite 5.6 gives the following
error:

# satpasswd 
Usage: satpasswd user [OPTION]
Change the password of a satellite user.

  -h, --help              print this message and exit
[root@dhcp-37-127 xmlrpc]# satpasswd jozefko
Password: 
Retype password: 
psql:<stdin>:2: ERROR:  new row for relation "web_contact" violates check constraint "vn_web_contact_password"
 clear_log_id 
--------------
 
(1 row)


Version-Release number of selected component (if applicable):
Satellite 5.6

How reproducible:
Always

Steps to Reproduce:
1. Satellite 5.6 installed on a FIPS enabled RHEL system
2. Run satpasswd utility

Actual results:
Above error.

Expected results:
No error, satpasswd works as expected.

Additional info:
# cat /proc/sys/crypto/fips_enabled 
1
# echo password | openssl passwd -1 -stdin
Segmentation fault

Comment 1 Michael Mráka 2014-09-10 12:35:10 UTC
Fixed in spacewalk master by
commit 19e197f4eda6b0e3491dc623a123c583e29eec2c
    1022484 - ask for new password twice
commit 4f2efe10f3c9ca6cab07e4ad2f2b01953cb99798
    satpasswd supports SHA-256 encrypted user passwords
    The tool has been re-implemented in python to take advantage of
    our rhnUser password-related routines.

Comment 2 Michael Mráka 2014-09-15 07:28:44 UTC
Backported to SATELLITE-5.7 as
commit b29f485fb5e2c63fe4e7fea484877ddb9de6fcf3
    1022484 - ask for new password twice
commit 4f2efe10f3c9ca6cab07e4ad2f2b01953cb99798 Satellite
    satpasswd supports SHA-256 encrypted user passwords
    The tool has been re-implemented in python to take advantage of
    our rhnUser password-related routines.
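
The report shows `openssl passwd -1` crashing under FIPS and the database then rejecting the row through the `vn_web_contact_password` check. The sketch below is an added example, not code from Spacewalk or from the commits above: it hashes with SHA-256 crypt and fails closed unless the hasher both exits cleanly and returns a well-formed hash. The function names and the `FIPS_FLAG` override are hypothetical, and it assumes the failure came from a hasher that produced no output.

```shell
#!/bin/sh
# Added example. Function names and the FIPS_FLAG override are hypothetical.

# Same kernel flag the report reads; overridable so the check can be tested.
FIPS_FLAG="${FIPS_FLAG:-/proc/sys/crypto/fips_enabled}"

# Succeeds when the kernel reports FIPS mode.
fips_enabled() {
    [ -r "$FIPS_FLAG" ] && [ "$(cat "$FIPS_FLAG")" = "1" ]
}

# Reads the password on stdin and prints a SHA-256 crypt string.
# -5 needs OpenSSL 1.1.1 or later; swap in another hasher if unavailable.
run_hasher() {
    openssl passwd -5 -stdin
}

# Accepts only a single-line, well-formed SHA-256 crypt string:
# $5$[rounds=N$]<salt, 1-16 chars>$<43-char digest>
valid_sha256_crypt() {
    case $1 in *"
"*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^\$5\$(rounds=[0-9]+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{43}$'
}

# Hash the password from stdin. The hash is printed only if the hasher
# exited cleanly AND its output parses, so a crashed hasher can never
# hand an empty value to the statement that updates the password column.
make_hash() {
    if ! out=$(run_hasher); then
        echo "password hasher failed" >&2
        fips_enabled && echo "FIPS mode is on: MD5-based schemes are unavailable" >&2
        return 1
    fi
    if ! valid_sha256_crypt "$out"; then
        echo "hasher output is not a SHA-256 crypt string; refusing to store it" >&2
        return 1
    fi
    printf '%s\n' "$out"
}
```

A caller would run `make_hash` first and build the SQL update only when it returns 0.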