This update enables administrators to use the new --encrypted option to enter an already encrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'. However, there are some caveats when providing encrypted passwords: 1. Entering an encrypted password means that password validity tests cannot be performed, so they are skipped and the password is accepted even if it does not comply with the password validation policy. 2. A password has to be encrypted using the same configured algorithm. To encrypt passwords, administrators can use the '/usr/share/ovirt-engine/bin/ovirt-engine-crypto-tool.sh' tool, which provides the 'pbe-encode' command to encrypt passwords using the default PBKDF2WithHmacSHA1 algorithm.
Accepting into Beta 3 program and assigning to Emma for review.
Thanks for the comment, Avital. I didn't see this one until now. It looks like this feature has already been documented for 4.2 as part of bug 1486740, which covered 4.1 as well: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.2-beta/html-single/administration_guide/#pre_encrypting_a_user_password Therefore, I am closing this BZ. *** This bug has been marked as a duplicate of bug 1486740 ***