Bug 1486740

Summary: [Docs][Admin]Document entering encrypted password in ovirt-aaa-jdbc-toolovirt-aaa-jdbc-tool user password-reset
Product: Red Hat Enterprise Virtualization Manager Reporter: Avital Pinnick <apinnick>
Component: DocumentationAssignee: Avital Pinnick <apinnick>
Status: CLOSED CURRENTRELEASE QA Contact: Emma Heftman <eheftman>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 4.1.4CC: bgraveno, lbopf, lsurette, mvoglova, rbalakri, srevivo, ykaul
Target Milestone: ovirt-4.1.9   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-14 13:46:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Docs RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1452668    
Bug Blocks:    

Description Avital Pinnick 2017-08-30 12:33:19 UTC 
Update the Admin guide with this information (https://bugzilla.redhat.com/show_bug.cgi?id=1452668): 

Previously, administrators had to enter an unencrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'. The password was then encrypted inside ovirt-aaa-jdbc-tool and stored in the database.

This update enables administrators to use the new --encrypted option to enter an already encrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'.

However there are some caveats when providing encrypted passwords:

1. Entering an encrypted password means that password validity tests cannot be performed, so they are skipped and the password is accepted even if it does not comply with the password validation policy.

2. A password has to be encrypted using the same configured algorithm. To encrypt passwords, administrators can use the '/usr/share/ovirt-engine/bin/ovirt-engine-crypto-tool.sh' tool, which provides the 'pbe-encode' command to encrypt passwords using the default PBKDF2WithHmacSHA1 algorithm.
Comment 13 Emma Heftman 2017-12-14 13:14:41 UTC 
Verified and merged.
Comment 14 Avital Pinnick 2017-12-14 13:46:12 UTC 
Updated document:

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html-single/administration_guide/#Pre-encrypting_a_User_Password
Comment 15 Lucy Bopf 2018-04-13 01:47:57 UTC 
*** Bug 1503872 has been marked as a duplicate of this bug. ***