Bug 1052257

| Field | Value |
|---|---|
| Summary | [RFE] Make default root password encryption be SHA256 |
| Product | Red Hat Satellite |
| Component | Provisioning |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Version | 6.0.3 |
| Target Milestone | Unspecified |
| Target Release | Unused |
| Hardware | Unspecified |
| OS | Unspecified |
| URL | http://projects.theforeman.org/issues/2127 |
| Whiteboard | Verified in Upstream |
| Reporter | Bryan Kearney <bkearney> |
| Assignee | Dmitri Dolguikh <ddolguik> |
| QA Contact | Sachin Ghai <sghai> |
| CC | adahms, bbuckingham, dcleal, dmitri, ohadlevy, rjerrido, sghai, sthirugn |
| Keywords | FutureFeature, Reopened, Triaged |
| Doc Type | Enhancement |
| Doc Text | With this release, the default root password hash has been made SHA256 instead of MD5. This improves the default security of all provisioned hosts. |
| Last Closed | 2016-07-27 11:11:40 UTC |
| Type | Bug |

Description
Bryan Kearney
2014-01-13 14:27:45 UTC

Upstream bug assigned to ddolguik

Moving to POST since upstream bug http://projects.theforeman.org/issues/2127 has been closed
-------------
Anonymous
Applied in changeset commit:2d7f0315b4653f5eaa4bd7493c4d07375c637a97.

So I am sending this back to dev for commentary, because I have spent a lot of time looking at the upstream bug and commits, and one key thing may (or may not?) be missing...

Much of the backend code is there. However, I have not found anywhere in the UI (based on various discussions in GitHub, screenshots, etc.) where this is actually possible in the UI. Furthermore, I do not see the following change reflected in the product:

http://projects.theforeman.org/projects/foreman/repository/revisions/2d7f0315b4653f5eaa4bd7493c4d07375c637a97/diff/app/views/operatingsystems/_form.html.erb

Now, I understand that this is a pretty old BZ and things might have changed significantly in this time, but seeing as I have yet to find where, in the UI, that user should be able to actually choose/select a password hash type, and I don't see any associated ability to make this change reflected in the templates, I want to send it back for some details. If there's a satisfactory answer, I'll close out the bz.

To clarify, it looks like, in the upstream bug, there is supposed to be the ability to choose hash type (beyond a default SHA256) and I am not sure I see this.

Never mind, I found it. Was looking in the wrong place. Verified in Satellite-6.1.0-RHEL-7-20150320.1

However... no. While the dropdown exists, the default appears to always be MD5, not SHA256.

Created attachment 1006102
screenshot showing an OS distribution with a default MD5 hash

Fixed upstream in commit d4692e4e0a8f26acb001df47742cc88d083c2113. Also see http://projects.theforeman.org/issues/10289

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:1592

Accidentally closed with 6.1.1 errata

Verified with upstream build:

foreman-proxy-1.10.0-0.develop.201508250705gitb446e0c.el6.noarch
rubygem-smart_proxy_discovery-1.0.2-1.el6.noarch
foreman-1.10.0-0.develop.201508241946git8658fa3.el6.noarch
foreman-release-1.10.0-0.develop.201508241946git8658fa3.el6.noarch
ruby193-rubygem-hammer_cli_import-0.10.21-3.el6.noarch
ruby193-rubygem-hammer_cli_foreman_docker-0.0.3-3.el6.noarch
ruby193-rubygem-hammer_cli-0.3.0-1.201508241209git174f507.el6.noarch
ruby193-rubygem-hammer_cli_foreman_tasks-0.0.7-2.el6.noarch
ruby193-rubygem-hammer_cli_foreman_bootdisk-0.1.3-2.el6.noarch
ruby193-rubygem-hammer_cli_katello-0.0.17-1.el6.noarch

Now I can see sha256 set as default for root password encryption. Please see the attached screenshot

Created attachment 1068977
default root password encryption set as sha256

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1501