Bug 1374307 - No password is required when adding to manage another system from cockpit
Summary: No password is required when adding to manage another system from cockpit
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: ovirt-node
Classification: oVirt
Component: UI
Version: 4.0
Hardware: Unspecified
OS: Unspecified
unspecified
high vote
Target Milestone: ---
: ---
Assignee: Fabian Deutsch
QA Contact: dguo
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-08 12:19 UTC by dguo
Modified: 2016-09-10 10:17 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-09-10 10:17:05 UTC
oVirt Team: Node
rule-engine: planning_ack?
rule-engine: devel_ack?
cshao: testing_ack+

Attachments (Terms of Use)
Add the system which has same password (47.35 KB, image/png)
2016-09-08 12:19 UTC, dguo 		no flags Details
Add success without any authentication if the password are same (48.54 KB, image/png)
2016-09-08 12:20 UTC, dguo 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description dguo 2016-09-08 12:19:29 UTC 
Created attachment 1199050 [details]
Add the system which has same password

Description of problem:
To achieve multiple server management in cockpit, adding another system, It does not require any authentication if the two passwords are the same 

Version-Release number of selected component (if applicable):
rhvh-4.0-0.20160829.0+1
cockpit-ws-0.114-2.el7.x86_64
cockpit-ovirt-dashboard-0.10.6-1.3.6.el7ev.noarch
imgbased-0.8.4-1.el7ev.noarch 

How reproducible:
100%

Steps to Reproduce:
1. Install RHVH4.0 on system "host1", the root password is "redhat"
2. Install RHVH4.0 on system "host2", the root password is "redhat"
3. Login "host1" via cockpit UI on system host1
4. Enter into Dashboard
5. In the Server section, click "+" button to add another system "host2"
6. On the popup dialog, Input the address, and click "add"
7. Then in another popup dialog, click "connect"

Actual results:
After step#5, the server were successfully added to local cocpit

Expected results:
After step#5, It requires to input the username and password to get authentication to add another test system 

Additional info:
1. If the two system's root passwords are same, no authentication dialog appears
2. If the passwords are not same, The authentication dialog appears to let you input the username and password. Then input the info, add successfully.
3. Can catch this issue not only on this build, but also the latest build 20160906.0
Comment 1 dguo 2016-09-08 12:20:26 UTC 
Created attachment 1199051 [details]
Add success without any authentication if the password are same
Comment 2 Fabian Deutsch 2016-09-09 15:07:39 UTC 
I'm not sure if this is a bug, or rather strategy: The same password is probably tried to log into the second host. We were already discussing this a little bit in bug 1330475.

Stef, what's your view on this?
Comment 3 Stef Walter 2016-09-09 15:10:12 UTC 
Yes, we use the same password to log into the other host, and if it works we don't prompt further.

Look in the user menu (top right), under Authentication and you can see the option selected which allow that to happen. What we don't yet have is a checkbox while logging in (on the login screen) that lets you choose whether to:

"Use my password for privileged tasks and to connect to other machines"
Comment 4 Fabian Deutsch 2016-09-10 10:17:05 UTC 
Thanks Stef.

This imght be a scary behavior if you don't know what's going on.

But closing according to comment 3.

If you think some change is required in Cockpit to highlight this behavior (or th esuggested box by Stef in comment 3): Please open an RFE.
Note You need to log in before you can comment on or make changes to this bug.