Red Hat Bugzilla – Bug 1052257
[RFE] Make default root password encryption be SHA256
Last modified: 2018-08-31 11:19 EDT
Current kickstarts are delivered with MD5 hashes. Instead, it should be SHA256.
Upstream bug assigned to ddolguik@redhat.com
Moving to POST since upstream bug http://projects.theforeman.org/issues/2127 has been closed ------------- Anonymous Applied in changeset commit:2d7f0315b4653f5eaa4bd7493c4d07375c637a97.
So I am sending this back to dev for commentary, because I have spent a lot of time looking at the upstream bug and commits, and one key thing may (or may not?) be missing... Much of the backend code is there. However, I have not found anywhere in the UI (based on various discussions in GitHub, screenshots, etc.) where this is actually possible in the UI. Furthermore, I do not see the following change reflected in the product: http://projects.theforeman.org/projects/foreman/repository/revisions/2d7f0315b4653f5eaa4bd7493c4d07375c637a97/diff/app/views/operatingsystems/_form.html.erb Now, I understand that this is a pretty old BZ and things might have changed significantly in this time, but seeing as I have yet to find where, in the UI, the user should be able to actually choose/select a password hash type, and I don't see any associated ability to make this change reflected in the templates, I want to send it back for some details. If there's a satisfactory answer, I'll close out the bz.
To clarify, it looks like, in the upstream bug, there is supposed to be the ability to choose hash type (beyond a default SHA256) and I am not sure I see this.
Never mind, I found it. Was looking in the wrong place. Verified in Satellite-6.1.0-RHEL-7-20150320.1
However... no. While the dropdown exists, the default appears to always be MD5, not SHA256.
Created attachment 1006102: screenshot showing an OS distribution with a default MD5 hash
Fixed upstream in commit d4692e4e0a8f26acb001df47742cc88d083c2113. Also see http://projects.theforeman.org/issues/10289
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2015:1592
Accidentally closed with 6.1.1 errata
Verified with upstream build:
foreman-proxy-1.10.0-0.develop.201508250705gitb446e0c.el6.noarch
rubygem-smart_proxy_discovery-1.0.2-1.el6.noarch
foreman-1.10.0-0.develop.201508241946git8658fa3.el6.noarch
foreman-release-1.10.0-0.develop.201508241946git8658fa3.el6.noarch
ruby193-rubygem-hammer_cli_import-0.10.21-3.el6.noarch
ruby193-rubygem-hammer_cli_foreman_docker-0.0.3-3.el6.noarch
ruby193-rubygem-hammer_cli-0.3.0-1.201508241209git174f507.el6.noarch
ruby193-rubygem-hammer_cli_foreman_tasks-0.0.7-2.el6.noarch
ruby193-rubygem-hammer_cli_foreman_bootdisk-0.1.3-2.el6.noarch
ruby193-rubygem-hammer_cli_katello-0.0.17-1.el6.noarch
Now I can see sha256 set as default for root password encryption. Please see the attached screenshot.
Created attachment 1068977: default root password encryption set as sha256
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1501