Bug 1022484 - satpasswd on a FIPS enabled Satellite produces error
satpasswd on a FIPS enabled Satellite produces error
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Server (Show other bugs)
560
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Michael Mráka
Pavel Studeník
:
Depends On:
Blocks: 843620
  Show dependency treegraph
 
Reported: 2013-10-23 07:47 EDT by Milan Zázrivec
Modified: 2015-01-26 06:57 EST (History)
3 users (show)

See Also:
Fixed In Version: spacewalk-backend-2.3.3-9-sat
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-01-26 06:57:59 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Milan Zázrivec 2013-10-23 07:47:13 EDT
Description of problem:
Running satpasswd utility on a FIPS enabled Satellite 5.6 gives the following
error:

# satpasswd 
Usage: satpasswd user [OPTION]
Change the password of a satellite user.

  -h, --help              print this message and exit
[root@dhcp-37-127 xmlrpc]# satpasswd jozefko
Password: 
Retype password: 
psql:<stdin>:2: ERROR:  new row for relation "web_contact" violates check constraint "vn_web_contact_password"
 clear_log_id 
--------------
 
(1 row)


Version-Release number of selected component (if applicable):
Satellite 5.6

How reproducible:
Always

Steps to Reproduce:
1. Satellite 5.6 installed on a FIPS enabled RHEL system
2. Run satpasswd utility

Actual results:
Above error.

Expected results:
No error, satpasswd works as expected.

Additional info:
# cat /proc/sys/crypto/fips_enabled 
1
# echo password | openssl passwd -1 -stdin
Segmentation fault
Comment 1 Michael Mráka 2014-09-10 08:35:10 EDT
Fixed in spacewalk master by
commit 19e197f4eda6b0e3491dc623a123c583e29eec2c
    1022484 - ask for new password twice
commit 4f2efe10f3c9ca6cab07e4ad2f2b01953cb99798
    satpasswd supports SHA-256 encrypted user passwords
    The tool has been re-implemented in python to take advantage of
    our rhnUser password-related routines.
Comment 2 Michael Mráka 2014-09-15 03:28:44 EDT
Backported to SATELLITE-5.7 as
commit b29f485fb5e2c63fe4e7fea484877ddb9de6fcf3
    1022484 - ask for new password twice
commit 4f2efe10f3c9ca6cab07e4ad2f2b01953cb99798 Satellite
    satpasswd supports SHA-256 encrypted user passwords
    The tool has been re-implemented in python to take advantage of
    our rhnUser password-related routines.

Note You need to log in before you can comment on or make changes to this bug.