Bug 1417634

Summary: Kickstart: Don't suggest typing password to command line, use standard input instead
Product: Red Hat Enterprise Linux 7 Reporter: David Jaša <djasa>
Component: doc-Installation_GuideAssignee: Clayton Spicer <cspicer>
Status: CLOSED CURRENTRELEASE QA Contact: ecs-bugs
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.2CC: pbokoc, rhel-docs
Target Milestone: rcKeywords: Documentation
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-04-10 18:33:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Jaša 2017-01-30 13:27:40 UTC 
Document URL: 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-kickstart-syntax.html

Section Number and Name: 
23.3.2. Kickstart Commands and Options

Describe the issue: 
when describing --iscrypted option, this piece of code is suggested to get the password hash:
$ python -c 'import crypt; print(crypt.crypt("My Password"))'
The issue with this code is that the "My Password" string will be recorded in bash history.

Suggestions for improvement: 
This not-so-elegant one-liner will ask twice for password on standard input and it will print the hash only when the two passwords match, eliminating both traces of password on disk and most typos:

python -c 'import crypt,getpass;pw=getpass.getpass();print(crypt.crypt(pw) if (pw==getpass.getpass("Confirm: ")) else exit())'

Additional information: