Bug 1389673

Summary: [RFE] possibility to enter encrypted passwords in --password option
Product: Red Hat Enterprise Virtualization Manager Reporter: Jaroslav Spanko <jspanko>
Component: ovirt-engine-extension-aaa-jdbcAssignee: Martin Perina <mperina>
Status: CLOSED ERRATA QA Contact: Lucie Leistnerova <lleistne>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.6.6CC: apinnick, bburmest, bgraveno, bugs, lleistne, lsvaty, mgoldboi, michal.skrivanek, mperina, pstehlik, ylavi
Target Milestone: ovirt-4.2.0Keywords: FutureFeature, ZStream
Target Release: 4.2.0Flags: pstehlik: testing_plan_complete+
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: 1.1.5 Doc Type: Enhancement
Doc Text:
Previously, administrators had to enter an unencrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'. The password was then encrypted inside ovirt-aaa-jdbc-tool and stored in the database. This update enables administrators to use the new --encrypted option to enter an already encrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'. However, there are some caveats when providing encrypted passwords: 1. Entering an encrypted password means that password validity tests cannot be performed, so they are skipped and the password is accepted even if it does not comply with the password validation policy. 2. A password has to be encrypted using the same configured algorithm. To encrypt passwords, administrators can use the '/usr/share/ovirt-engine/bin/ovirt-engine-crypto-tool.sh' tool, which provides the 'pbe-encode' command to encrypt passwords using the default PBKDF2WithHmacSHA1 algorithm.
 Story Points: ---
Clone Of:
: 1452668 (view as bug list) Environment:
Last Closed: 2018-05-15 17:35:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1452668, 1503872    

Comment 4 Martin Perina 2017-06-20 09:40:40 UTC 
Moving back to POST due to backport QA failure
Comment 5 Martin Perina 2017-06-26 14:33:12 UTC 
Fix will be included in ovirt-engine-extension-aaa-jdbc 1.1.6
Comment 7 Red Hat Bugzilla Rules Engine 2017-11-21 12:08:40 UTC 
The documentation text flag should only be set after 'doc text' field is provided. Please provide the documentation text and set the flag to '?' again.
Comment 8 Lucie Leistnerova 2017-11-22 07:43:59 UTC 
--encrypted option to ovirt-aaa-jdbc-tool added, in help described and sets the password correctly (error when bad encrypted)

verified in ovirt-engine-extension-aaa-jdbc-1.1.6-1.el7ev.noarch,
ovirt-engine-4.2.0-0.5.master.el7.noarch
Comment 13 errata-xmlrpc 2018-05-15 17:35:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:1482
Comment 14 Franta Kust 2019-05-16 13:04:00 UTC 
BZ<2>Jira Resync