Bug 1563529

Summary: Root password hash in Operating System written in capital letters
Product: Red Hat Satellite Reporter: Simon Reber <sreber>
Component: ProvisioningAssignee: Lukas Zapletal <lzap>
Status: CLOSED ERRATA QA Contact: Roman Plevka <rplevka>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.3.0CC: aagrawal, inecas, kallies, lzap, pcreech
Target Milestone: 6.5.0Keywords: Triaged
Target Release: Unused   
Hardware: x86_64   
OS: Linux   
URL: https://projects.theforeman.org/issues/24084
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-05-14 12:37:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Simon Reber 2018-04-04 06:17:01 UTC 
Description of problem:

The root password hash under Operating System (SHA256, SHA512, etc) are written in capital letters. This is saved the same way into `@host.operatingsystem.password_hash`. When using `Satellite Kickstart Default` we have `authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash || 'sha256' %> --kickstart` which will fail and thus fall back to the default, as `authconfig` can't handle hash definition in capital letters.

> authconfig --passalgo=SHA512 --useshadow --kickstart
> authconfig: Unknown password hashing algorithm specified, using sha256.

Version-Release number of selected component (if applicable):

 - satellite-6.3.0.1-1.el7sat.noarch

How reproducible:

 - Always

Steps to Reproduce:
1. Select SHA512 in Operating System
2. Kickstart System with `Satellite Kickstart Default`
3. Check default password hash defined

Actual results:

> authconfig --passalgo=SHA512 --useshadow --kickstart
> authconfig: Unknown password hashing algorithm specified, using sha256.

Expected results:

> authconfig --passalgo=sha512 --useshadow --kickstart

Additional info:
Comment 3 kallies 2018-06-26 12:21:10 UTC 
We ran into the same issue. The workaround for us so far is

`authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart`
Comment 4 Satellite Program 2018-06-27 14:13:21 UTC 
Upstream bug assigned to lzap
Comment 5 Satellite Program 2018-06-27 14:13:24 UTC 
Upstream bug assigned to lzap
Comment 6 Satellite Program 2018-06-27 16:13:20 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/24084 has been resolved.
Comment 7 Lukas Zapletal 2018-07-26 09:29:39 UTC 
The fix was pushed into Foreman 1.19 and will be part of future Satellite version.

https://github.com/theforeman/community-templates/pull/487/files

The workaround is to fix kickstart template in Satellite:

-authselect --useshadow --passalgo=<%= @host.operatingsystem.password_hash || 'sha256' %> --kickstart
+authselect --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart
Comment 10 Roman Plevka 2019-03-06 13:25:26 UTC 
VERIFIED
on sat6.5.0-18

the template already comes with .downcase:

# hammer template dump --id 46 | grep authconfig
authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart

and renders properly
Comment 13 errata-xmlrpc 2019-05-14 12:37:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222