Bug 1154877
Summary: | [RFE] virt-who security | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Thom Carlin <tcarlin> |
Component: | virt-who | Assignee: | Radek Novacek <rnovacek> |
Status: | CLOSED ERRATA | QA Contact: | gaoshang <sgao> |
Severity: | medium | Docs Contact: | Laura Novich <lnovich> |
Priority: | unspecified | ||
Version: | 6.6 | CC: | gxing, jherrman, jhradile, nshaik, ovasik, rbalakri, rnovacek, sgao, shihliu, tcarlin, tlavigne, xdmoon |
Target Milestone: | rc | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | virt-who-0.12-1.el6 | Doc Type: | Release Note |
Doc Text: |
virt-who supports encrypted passwords
Support for encrypted passwords has been added to the virt-who service. Previously, the passwords for external services were stored in the configuration file as plain text, which exposed the password to any user with read privileges. This update introduces the virt-who-password utility, which allows encrypted passwords to be stored in the virt-who configuration file. With this change, all users who open the virt-who configuration file will see the passwords as encrypted. The encrypted passwords can be decrypted by the root user.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-07-22 07:15:20 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1154684, 1168221 |
Description
Thom Carlin
2014-10-20 22:25:28 UTC
This issue is solved by virt-who-password, which is present in virt-who >= 0.10. This means that the bug is (will be) fixed in RHEL-6.6 and RHEL-7.1. Please let me know if the solution (virt-who-password) is acceptable for the customer.

When using an encrypted password, you need to create a config file in /etc/virt-who.d/ with the following content:

    [test]
    type=esx
    owner=<owner>
    env=<env>
    server=<vCenter_FQDN>
    username=<username>
    encrypted_password=<encrypted_password>

See virt-who-config(5) manual page.

We did the above (at another site).

Using /etc/virt-who.d/file with "password", it works.
Using /etc/virt-who.d/file with "encrypted_password", we get "Cannot complete login due to an incorrect user name or password." then "ERROR: Unable to login to ESX"

We are running a fully patched RHEL 6.6 x86_64 VM (virt-who is 0.18-8.el6). We also tried a second username with similar results. Any suggestions?

Thom, looks like this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1161604
It will be resolved in 6.7.

Fixed by rebase to virt-who-0.12-1.el6.

virt-who can send the host/guest association to Satellite 6.1.0/SAM when virt-who is configured with an encrypted password. Therefore, verified it on virt-who-0.12-2.el6.noarch.

Verified version:

    virt-who-0.12-2.el6.noarch
    subscription-manager-1.14.1-1.el6.x86_64
    python-rhsm-1.14.1-1.el6.x86_64
    Satellite-6.1.0-RHEL-7-20150331.1

Verified steps:

1. Register the virt-who system to satellite/SAM. Configure virt-who under /etc/virt-who.d/ with an encrypted password (virt-who-password).

    [root@rhel6 ~]# virt-who-password
    Password:
    Use following as value for encrypted_password key in the configuration file: 5b88800af968f28cb59089f55bc01caf

    [root@hp-z220-05 ~]# cat /etc/virt-who.d/virtwho
    [test-esx1]
    type=esx
    server=10.66.79.72
    username=Administrator
    encrypted_password=5b88800af968f28cb59089f55bc01caf
    owner=ACME_Corporation
    env=Library

    [root@hp-z220-05 ~]# vim /etc/sysconfig/virt-who
    VIRTWHO_BACKGROUND=1
    VIRTWHO_DEBUG=1

2. Restart virt-who services.

    [root@hp-z220-05 ~]# service virt-who restart
    Stopping virt-who: [ OK ]
    Starting virt-who: [ OK ]

3. Check the log in /var/log/rhsm/rhsm.log. It doesn't show any error message, and virt-who sends the host/guest mapping to satellite/SAM.

    2015-04-01 03:35:27,745 [DEBUG] @esx.py:51 - Log into ESX
    2015-04-01 03:35:28,759 [DEBUG] @esx.py:54 - Creating ESX event filter
    2015-04-01 03:35:29,079 [DEBUG] @esx.py:113 - Waiting for ESX changes
    2015-04-01 03:35:29,093 [INFO] @subscriptionmanager.py:124 - Sending update in hosts-to-guests mapping: {564ddb0f-caf1-7df2-579c-2f5a43bbac65: [420e3b44-d7b1-856c-e60c-5d7442bf137c], aee4ff00-8c33-11e2-994a-6c3be51d959a: [], 86b2bd00-8bad-11e2-87f4-6c3be514699d: [4224a77f-1c50-42cb-3507-2b68b447ed60, 4224e5d2-4fcf-2bc2-2559-5846035d3a78]}

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1377.html
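
An added example, not part of this bug report or of virt-who itself: a small audit that finds sections in /etc/virt-who.d/ still using the plain-text `password` key instead of `encrypted_password`, and notes when the file is world-readable. The key names and directory come from the comments above; the function names, sample file names and sample values are constructed for illustration, and the files are read with Python's generic INI parser, which is assumed to be close enough to virt-who's own parsing for this check.

```python
import configparser
import os
import stat
import tempfile

def audit_config(path):
    """Return (section, finding) tuples for one virt-who config file."""
    world_readable = bool(stat.S_IMODE(os.stat(path).st_mode) & stat.S_IROTH)
    parser = configparser.RawConfigParser()  # raw: values are never interpolated
    try:
        parser.read(path)
    except configparser.Error as exc:
        return [("<file>", "unparseable: " + type(exc).__name__)]
    findings = []
    for section in parser.sections():
        if not parser.has_option(section, "password"):
            continue  # encrypted_password only, or no credential at all
        note = "plaintext password"
        if world_readable:
            note += ", file is world-readable"
        if parser.has_option(section, "encrypted_password"):
            note += ", encrypted_password also set"
        findings.append((section, note))
    return findings

def audit_dir(directory="/etc/virt-who.d"):
    """Audit every regular file in the directory; return {name: findings}."""
    paths = {n: os.path.join(directory, n) for n in sorted(os.listdir(directory))}
    found = {n: audit_config(p) for n, p in paths.items() if os.path.isfile(p)}
    return {n: f for n, f in found.items() if f}

def demo():
    """Run the audit over constructed sample files in a temporary directory."""
    samples = {  # constructed samples, not taken from a real host
        "plain.conf": ("[esx-plain]\ntype=esx\nserver=vcenter.example.test\n"
                       "username=admin\npassword=constructed-secret\n", 0o644),
        "enc.conf": ("[esx-enc]\ntype=esx\nserver=vcenter.example.test\n"
                     "username=admin\nencrypted_password=0123abcd\n", 0o600),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, (text, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as handle:
                handle.write(text)
            os.chmod(path, mode)
        return audit_dir(tmp)

if __name__ == "__main__":
    print(demo())
```

Run `audit_dir()` as root on the virt-who host; an empty result means no section in /etc/virt-who.d/ carries a plain-text `password` key.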