Bug 1253048

Summary: "To create an encrypted password, use the following command:" improperly & unnecessarily suggests using custom salt
Product: Red Hat Enterprise Linux 6
Component: doc-Installation_Guide
Version: 6.7
Reporter: Ryan Sawhill <rsawhill>
Assignee: Clayton Spicer <cspicer>
QA Contact: ecs-bugs
CC: rsawhill, sbueno
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: high
Target Milestone: rc
Keywords: Documentation
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Type: Bug
Clones: 1253051
Bug Blocks: 1253051
Last Closed: 2016-08-26 00:41:15 UTC

Description Ryan Sawhill 2015-08-12 20:06:02 UTC
Document URL: 
  https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/s1-kickstart2-options.html

Section Number and Name: 

  32.4 Kickstart Options

Describe the issue: 

  Twice on this page, you can find the following text:

    To create an encrypted password, use the following command:
      python -c 'import crypt; print(crypt.crypt("My Password", "$6$My Salt"))'
    This will create a sha512 crypt of your password using the provided salt. 

  Note that neither passwd nor grub-crypt let you specify custom salts ... so, to be clear, it's just not done, and a potentially bad practice to encourage.

Suggestions for improvement: 

  Remove all mentions of salt. The python version we have in RHEL6 and RHEL7 auto-generates an appropriate random salt when you don't specify it. Instead, the text could read:

    To create an encrypted password, use the following command:
      python -c 'import crypt; print(crypt.crypt("My Password"))'
    This will create a sha512 crypt-compatible hash of your password using a random salt. 

Additional information: 

  Here's what python's crypt looks like on RHEL6:

  # python -c 'import crypt; print(crypt.crypt("My Password"))'
  $6$ixr3bNcdW5VITMgz$8HJdnbow67FK8nDke3AyX19.Q1WqyRSM9CklF5sRcsp4j6crg0Kfm3RTTOLQibtUVGrTvK/BI5oDQ96Tx0cJq.

  # python -c 'import crypt; help(crypt.crypt)'
  Help on function crypt in module crypt:
  crypt(word, salt=None)
    Return a string representing the one-way hash of a password, with a salt
    prepended.
    
    If ``salt`` is not specified or is ``None``, the strongest
    available method will be selected and a salt generated.  Otherwise,
    ``salt`` may be one of the ``crypt.METHOD_*`` values, or a string as
    returned by ``crypt.mksalt()``.
    
    Note that these are non-standard extensions to Python 2.6's crypt.crypt()
    entrypoint, backported from 3.3: the standard Python 2.6 crypt.crypt()
    entrypoint requires two strings as the parameters, and does not support
    keyword arguments.
  (END)
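
The following is an added example, not part of the original report or the Installation Guide: a small audit for kickstart files that flags `$6$` hashes whose salt looks hand-picked (shorter than the generated salt shown above, containing characters outside the crypt alphabet, or shared between entries). The function name `audit_kickstart`, the heuristics, and the sample `rootpw`/`user --iscrypted` lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# SHA-512 crypt string: $6$[rounds=N$]salt$<86 characters of hash>
CRYPT6 = re.compile(r"\$6\$(?:rounds=\d+\$)?([^$\n]*)\$[./A-Za-z0-9]{86}")
SALT_ALPHABET = re.compile(r"[./A-Za-z0-9]*")
GENERATED_SALT_LEN = 16  # length of the salt in the report's sample output


def audit_kickstart(text):
    """Map line number -> findings for $6$ hashes whose salt looks hand-picked."""
    seen = defaultdict(list)      # salt -> line numbers using it
    findings = defaultdict(list)
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue              # kickstart comment
        for match in CRYPT6.finditer(line):
            salt = match.group(1)
            seen[salt].append(no)
            if len(salt) < GENERATED_SALT_LEN:
                findings[no].append("salt shorter than a generated one")
            if not SALT_ALPHABET.fullmatch(salt):
                findings[no].append("salt has characters outside [./A-Za-z0-9]")
    for salt, lines in seen.items():
        if len(lines) > 1:        # same salt on several accounts
            for no in lines:
                findings[no].append("salt shared with lines %s" % lines)
    return dict(findings)


# Constructed sample: hash bodies are filler characters, not real hashes.
SAMPLE = """\
# constructed kickstart fragment
rootpw --iscrypted $6$My Salt$%s
user --name=admin --iscrypted --password=$6$My Salt$%s
user --name=build --iscrypted --password=$6$ixr3bNcdW5VITMgz$%s
""" % ("A" * 86, "B" * 86, "C" * 86)

if __name__ == "__main__":
    for no, notes in sorted(audit_kickstart(SAMPLE).items()):
        print(no, "; ".join(notes))
```

Entries that copied the documented `"$6$My Salt"` verbatim are reported on all three counts, while the entry with a generated 16-character salt passes.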

Comment 2 Petr Bokoc 2015-12-14 13:56:40 UTC
See the RHEL7 clone for details.