Password conversion from *DES* to *AES* now works properly
During the upgrade from Red Hat Enterprise Linux 7.1 to 7.2, the encryption algorithm used by the *Reversible Password Plug-in* was changed from *DES* to *AES*. Directory Server automatically converted all passwords to the new algorithm upon upgrade. However, password conversion failed with an `error 32` if any defined back end was missing the top entry. Additionally, even if the conversion failed, _389-ds-base_ still disabled the *DES* plug-in, which caused existing passwords to fail to decode.
This bug has been fixed. _389-ds-base_ now ignores errors when searching back ends for passwords to convert, and the *DES* plug-in is now only disabled after all passwords are successfully converted to *AES*.
This bug is created as a clone of upstream ticket:
At server startup the server tries to convert any DES passwords to AES. But if a defined backend does not have any entries (err=32), then this process quits and it stops trying to convert DES passwords. It should continue to try all the backends, even if it encounters an error.
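The startup behaviour described in the release note and the ticket text above, modelled as an added Python example (not 389-ds-base code and not part of the original report). The suffixes, DNs, stored values, function names and the `write_fails` parameter are constructed or hypothetical, and re-encryption is reduced to swapping the scheme tag.

```python
LDAP_NO_SUCH_OBJECT = 32  # the "error 32" above: the back end has no top entry

def sample_backends():
    """Constructed data: suffix -> {dn: stored value}; None = top entry missing."""
    return {
        "dc=empty,dc=example": None,
        "dc=example,dc=com": {
            "uid=a,dc=example,dc=com": "{DES}c2FtcGxlLWE=",
            "uid=b,dc=example,dc=com": "{DES}c2FtcGxlLWI=",
        },
    }

def search_des(entries):
    """Return (result code, DNs whose value is still stored under DES)."""
    if entries is None:
        return LDAP_NO_SUCH_OBJECT, []
    return 0, [dn for dn, v in entries.items() if v.startswith("{DES}")]

def convert_at_startup(backends, fixed, write_fails=()):
    """Run the conversion pass; return True if the DES plug-in stays enabled.
    write_fails is a hypothetical set of DNs whose update fails."""
    all_converted = True
    for entries in backends.values():
        rc, dns = search_des(entries)
        if rc != 0:
            if fixed:
                continue   # fixed: ignore the search error, try the next back end
            break          # original: the whole pass stops at the first error
        for dn in dns:
            if dn in write_fails:
                all_converted = False
                continue
            # Stand-in for decrypting with DES and re-encrypting with AES.
            entries[dn] = "{AES}" + entries[dn][len("{DES}"):]
    if not fixed:
        return False       # original: DES disabled even after a failed pass
    return not all_converted  # fixed: DES disabled only if everything converted

def undecodable(backends, des_enabled):
    """DNs left with a DES value while the DES plug-in is disabled."""
    if des_enabled:
        return []
    return sorted(dn for e in backends.values() if e
                  for dn, v in e.items() if v.startswith("{DES}"))

if __name__ == "__main__":
    for fixed in (False, True):
        b = sample_backends()
        print(fixed, undecodable(b, convert_at_startup(b, fixed)))
```

With the empty back end listed first, the original logic leaves both sample entries undecodable, while the fixed logic converts them and, if an update fails, keeps the DES plug-in enabled.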
RHEL 7.3 x86_64 Server
[root@localhost tickets]# rpm -qa | grep 389
1. Ran automated ticket 47462:
[root@localhost tickets]# py.test -v ticket47462_test.py
================================= test session starts ======================
platform linux2 -- Python 2.7.5, pytest-2.9.2, py-1.4.31, pluggy-0.3.1 -- /usr/bin/python
rootdir: /root/ds/dirsrvtests/tests/tickets, inifile:
collected 1 items
========================== 1 passed in 64.51 seconds ===========================
As can be seen, automated test passed
Marking as verified
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.