1022484 – satpasswd on a FIPS enabled Satellite produces error

Bug 1022484 - satpasswd on a FIPS enabled Satellite produces error

Summary: satpasswd on a FIPS enabled Satellite produces error

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite 5
Classification:	Red Hat
Component:	Server
Sub Component:
Version:	560
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Michael Mráka
QA Contact:	Pavel Studeník
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	843620
TreeView+	depends on / blocked

Reported:	2013-10-23 11:47 UTC by Milan Zázrivec
Modified:	2015-01-26 11:57 UTC (History)
CC List:	3 users (show)
Fixed In Version:	spacewalk-backend-2.3.3-9-sat
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-01-26 11:57:59 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Milan Zázrivec 2013-10-23 11:47:13 UTC

Description of problem:
Running satpasswd utility on a FIPS enabled Satellite 5.6 gives the following
error:

# satpasswd 
Usage: satpasswd user [OPTION]
Change the password of a satellite user.

  -h, --help              print this message and exit
[root@dhcp-37-127 xmlrpc]# satpasswd jozefko
Password: 
Retype password: 
psql:<stdin>:2: ERROR:  new row for relation "web_contact" violates check constraint "vn_web_contact_password"
 clear_log_id 
--------------
 
(1 row)


Version-Release number of selected component (if applicable):
Satellite 5.6

How reproducible:
Always

Steps to Reproduce:
1. Satellite 5.6 installed on a FIPS enabled RHEL system
2. Run satpasswd utility

Actual results:
Above error.

Expected results:
No error, satpasswd works as expected.

Additional info:
# cat /proc/sys/crypto/fips_enabled 
1
# echo password | openssl passwd -1 -stdin
Segmentation fault

Comment 1 Michael Mráka 2014-09-10 12:35:10 UTC

Fixed in spacewalk master by
commit 19e197f4eda6b0e3491dc623a123c583e29eec2c
    1022484 - ask for new password twice
commit 4f2efe10f3c9ca6cab07e4ad2f2b01953cb99798
    satpasswd supports SHA-256 encrypted user passwords
    The tool has been re-implemented in python to take advantage of
    our rhnUser password-related routines.

Comment 2 Michael Mráka 2014-09-15 07:28:44 UTC

Backported to SATELLITE-5.7 as
commit b29f485fb5e2c63fe4e7fea484877ddb9de6fcf3
    1022484 - ask for new password twice
commit 4f2efe10f3c9ca6cab07e4ad2f2b01953cb99798 Satellite
    satpasswd supports SHA-256 encrypted user passwords
    The tool has been re-implemented in python to take advantage of
    our rhnUser password-related routines.

Note You need to log in before you can comment on or make changes to this bug.