1389673 – [RFE] possibility to enter encrypted passwords in --password option

Bug 1389673 - [RFE] possibility to enter encrypted passwords in --password option

Summary: [RFE] possibility to enter encrypted passwords in --password option

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine-extension-aaa-jdbc
Sub Component:
Version:	3.6.6
Hardware:	Unspecified
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	ovirt-4.2.0
Target Release:	4.2.0
Assignee:	Martin Perina
QA Contact:	Lucie Leistnerova
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1452668 1503872
TreeView+	depends on / blocked

Reported:	2016-10-28 08:06 UTC by Jaroslav Spanko
Modified:	2020-02-14 18:04 UTC (History)
CC List:	11 users (show)
Fixed In Version:	1.1.5
Doc Type:	Enhancement
Doc Text:	Previously, administrators had to enter an unencrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'. The password was then encrypted inside ovirt-aaa-jdbc-tool and stored in the database. This update enables administrators to use the new --encrypted option to enter an already encrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'. However, there are some caveats when providing encrypted passwords: 1. Entering an encrypted password means that password validity tests cannot be performed, so they are skipped and the password is accepted even if it does not comply with the password validation policy. 2. A password has to be encrypted using the same configured algorithm. To encrypt passwords, administrators can use the '/usr/share/ovirt-engine/bin/ovirt-engine-crypto-tool.sh' tool, which provides the 'pbe-encode' command to encrypt passwords using the default PBKDF2WithHmacSHA1 algorithm.
Clone Of:
Clones:	1452668 (view as bug list)
Environment:
Last Closed:	2018-05-15 17:35:23 UTC
oVirt Team:	Infra
Target Upstream Version:
Embargoed:
Flags:	pstehlik: testing_plan_complete+

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2018:1482	0	None	None	None	2018-05-15 17:35:34 UTC
oVirt gerrit	76498	0	master	MERGED	adding --encrypted parameter to password-reset	2020-09-03 20:43:01 UTC

Comment 4 Martin Perina 2017-06-20 09:40:40 UTC

Moving back to POST due to backport QA failure

Comment 5 Martin Perina 2017-06-26 14:33:12 UTC

Fix will be included in ovirt-engine-extension-aaa-jdbc 1.1.6

Comment 7 Red Hat Bugzilla Rules Engine 2017-11-21 12:08:40 UTC

The documentation text flag should only be set after 'doc text' field is provided. Please provide the documentation text and set the flag to '?' again.

Comment 8 Lucie Leistnerova 2017-11-22 07:43:59 UTC

--encrypted option to ovirt-aaa-jdbc-tool added, in help described and sets the password correctly (error when bad encrypted)

verified in ovirt-engine-extension-aaa-jdbc-1.1.6-1.el7ev.noarch,
ovirt-engine-4.2.0-0.5.master.el7.noarch

Comment 13 errata-xmlrpc 2018-05-15 17:35:23 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:1482

Comment 14 Franta Kust 2019-05-16 13:04:00 UTC

BZ<2>Jira Resync

Note You need to log in before you can comment on or make changes to this bug.