Bug 1486740 - [Docs][Admin]Document entering encrypted password in ovirt-aaa-jdbc-toolovirt-aaa-jdbc-tool user password-reset
Summary: [Docs][Admin]Document entering encrypted password in ovirt-aaa-jdbc-toolovirt...
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: Documentation
Version: 4.1.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: ovirt-4.1.9
: ---
Assignee: Avital Pinnick
QA Contact: Emma Heftman
: 1503872 (view as bug list)
Depends On: 1452668
TreeView+ depends on / blocked
Reported: 2017-08-30 12:33 UTC by Avital Pinnick
Modified: 2019-05-07 12:55 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-12-14 13:46:12 UTC
oVirt Team: Docs
Target Upstream Version:

Attachments (Terms of Use)

Description Avital Pinnick 2017-08-30 12:33:19 UTC
Update the Admin guide with this information (https://bugzilla.redhat.com/show_bug.cgi?id=1452668): 

Previously, administrators had to enter an unencrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'. The password was then encrypted inside ovirt-aaa-jdbc-tool and stored in the database.

This update enables administrators to use the new --encrypted option to enter an already encrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'.

However there are some caveats when providing encrypted passwords:

1. Entering an encrypted password means that password validity tests cannot be performed, so they are skipped and the password is accepted even if it does not comply with the password validation policy.

2. A password has to be encrypted using the same configured algorithm. To encrypt passwords, administrators can use the '/usr/share/ovirt-engine/bin/ovirt-engine-crypto-tool.sh' tool, which provides the 'pbe-encode' command to encrypt passwords using the default PBKDF2WithHmacSHA1 algorithm.

Comment 13 Emma Heftman 2017-12-14 13:14:41 UTC
Verified and merged.

Comment 15 Lucy Bopf 2018-04-13 01:47:57 UTC
*** Bug 1503872 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.