Bug 1143942

Summary: virt-sysprep option '--password-crypto' do not work
Product: Red Hat Enterprise Linux 7 Reporter: Lingfei Kong <lkong>
Component: libguestfsAssignee: Richard W.M. Jones <rjones>
Status: CLOSED DUPLICATE QA Contact: Virtualization Bugs <virt-bugs>
Severity: low Docs Contact:
Priority: high    
Version: 7.1CC: leiwang, mbooth, ptoscano, wshi
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-09-18 12:49:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lingfei Kong 2014-09-18 09:46:50 UTC 
Description of problem:
virt-sysprep option '--password-crypto' md5|sha256|sha512 do not work, if you set password encryption to a new value md5, then create a new user and set its password, the new password will stil use the old password encryption, such as sha512.


Version-Release number of selected component (if applicable):
libguestfs-1.27.43-1.1.el7


How reproducible:
100%


Steps to Reproduce:
1. Create a raw format guest image: rhel6.6.img, by default this guest use 'sha512' as its password encryption
2. #virt-sysprep --password-crypto md5 -a rhel6.6.img
[   0.0] Examining the guest ...
[   5.0] Performing "abrt-data" ...
[   5.0] Performing "bash-history" ...
[   5.0] Performing "blkid-tab" ...
[   5.0] Performing "crash-data" ...
[   5.0] Performing "cron-spool" ...
[   5.0] Performing "dhcp-client-state" ...
[   5.0] Performing "dhcp-server-state" ...
[   5.0] Performing "dovecot-data" ...
[   5.0] Performing "logfiles" ...
[   5.0] Performing "machine-id" ...
[   5.0] Performing "mail-spool" ...
[   5.0] Performing "net-hostname" ...
[   5.0] Performing "net-hwaddr" ...
[   5.0] Performing "pacct-log" ...
[   5.0] Performing "package-manager-cache" ...
[   5.0] Performing "pam-data" ...
[   5.0] Performing "puppet-data-log" ...
[   5.0] Performing "rh-subscription-manager" ...
[   5.0] Performing "rhn-systemid" ...
[   5.0] Performing "rpm-db" ...
[   5.0] Performing "samba-db-log" ...
[   5.0] Performing "script" ...
[   5.0] Performing "smolt-uuid" ...
[   5.0] Performing "ssh-hostkeys" ...
[   5.0] Performing "ssh-userdir" ...
[   5.0] Performing "sssd-db-log" ...
[   5.0] Performing "tmp-files" ...
[   5.0] Performing "udev-persistent-net" ...
[   5.0] Performing "utmp" ...
[   5.0] Performing "yum-uuid" ...
[   5.0] Performing "customize" ...
[   5.0] Setting a random seed
[   5.0] Performing "lvm-uuids" ...

3. Login the guest, create a new user and check file /etc/shadow and /etc/sysconfig/authconfig
# useradd test
# passwd test
#cat /etc/shadow/ | grep test
test:$6$3W3li43Y$5tGb4NpR8zHNKmkSXoEsRFDTtkjLIeqL.qa5dDQihgHKGi0UjH6qDDIrhZk577M97MJJVqy8NTJiZIzZmOfcB1:16328:0:99999:7:::
#cat /etc/sysconfig/authconfig | grep PASSWDALGORITHM
PASSWDALGORITHM=sha512


Actual results:
The hashing algorithm in /etc/shadow is still sha512, i.e. the first two characters in the password field is $1 (md5 - 1, sha512 - 6, sha256 - 5)
The value of PASSWDALGORITHM is still sha512 in /etc/sysconfig/authconfig. 
Also i can not see any message from the output prove that virt-sysprep have performed option --password-crypto.


Expected results:
The hashing algorithm in /etc/shadow should be md5, i.e. the first two characters in the password field should be $1
The value of PASSWDALGORITHM should be md5
There should a message from the output prove that virt-sysprep have performed option --password-crypto.


Additional info:
Comment 1 Richard W.M. Jones 2014-09-18 12:49:13 UTC 
Because virt-sysprep and virt-customize (and virt-builder) now
use common code to implement features like --password-crypto, I'm
going to fold these two bugs together.

*** This bug has been marked as a duplicate of bug 1143949 ***