Bug 627613

Summary: Admin password is stored in plain text in pulp.conf
Product: [Retired] Pulp Reporter: Jay Dobies <jason.dobies>
Component: z_otherAssignee: Mike McCune <mmccune>
Status: CLOSED CURRENTRELEASE QA Contact: wes hayutin <whayutin>
Severity: medium Docs Contact:
Priority: low    
Version: unspecifiedCC: pkilambi, pthomas
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-02-17 16:52:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 647488    

Description Jay Dobies 2010-08-26 14:15:50 UTC 
We should store a hash instead.
Comment 1 Mike McCune 2010-09-24 19:14:39 UTC 
Going to instead actually fix this bug:

https://bugzilla.redhat.com/show_bug.cgi?id=631896

Bug 631896 - No way to change user password

and allow the user to use the CLI to edit the admin's password.

Will update the config file to instruct the user how to change the password.
Comment 2 Mike McCune 2010-10-29 18:47:16 UTC 
Fixed 631895 and now you can change the admin password.

Also updated the config:

commit b36c4e326d55f5ffb274c9cd2e1040ba60e11c87
Author: Mike McCune <mmccune>
Date:   Fri Oct 29 11:46:33 2010 -0700

    adding comment to show user how to edit password

diff --git a/etc/pulp/pulp.conf b/etc/pulp/pulp.conf
index b2d21d9..92bae7f 100755
--- a/etc/pulp/pulp.conf
+++ b/etc/pulp/pulp.conf
@@ -2,7 +2,7 @@
 base_url:   http://localhost
 relative_url: /pub
 default_login: admin
-# Highly recommend you change this
+# Highly recommend you change this with "pulp-admin user update" 
 default_password: admin
Comment 3 Jay Dobies 2010-11-03 19:35:39 UTC 
Fixed in build 0.78.
Comment 4 Preethi Thomas 2010-11-09 14:37:29 UTC 
verified

[root@preethi ~]# cat /etc/pulp/pulp.conf
[server]
base_url:   http://localhost
relative_url: /pub
default_login: admin
# Highly recommend you change this with "pulp-admin user update" 
default_password: admin
Comment 5 Preethi Thomas 2011-02-17 16:52:24 UTC 
Closing with community release 

pulp-0.0.139-1.fc14.noarch