Bug 1563529 - Root password hash in Operating System written in capital letters
Summary: Root password hash in Operating System written in capital letters
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Provisioning
Version: 6.3.0
Hardware: x86_64
OS: Linux
medium
medium vote
Target Milestone: Released
Assignee: Lukas Zapletal
QA Contact: Roman Plevka
URL: https://projects.theforeman.org/issue...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-04 06:17 UTC by Simon Reber
Modified: 2019-10-07 17:18 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-05-14 12:37:00 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:1222 None None None 2019-05-14 12:37:12 UTC
Foreman Issue Tracker 24084 None None None 2018-06-27 12:00:29 UTC
Red Hat Knowledge Base (Solution) 3497261 None None None 2018-07-26 09:46:24 UTC

Description Simon Reber 2018-04-04 06:17:01 UTC
Description of problem:

The root password hash under Operating System (SHA256, SHA512, etc) are written in capital letters. This is saved the same way into `@host.operatingsystem.password_hash`. When using `Satellite Kickstart Default` we have `authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash || 'sha256' %> --kickstart` which will fail and thus fall back to the default, as `authconfig` can't handle hash definition in capital letters.

> authconfig --passalgo=SHA512 --useshadow --kickstart
> authconfig: Unknown password hashing algorithm specified, using sha256.

Version-Release number of selected component (if applicable):

 - satellite-6.3.0.1-1.el7sat.noarch

How reproducible:

 - Always

Steps to Reproduce:
1. Select SHA512 in Operating System
2. Kickstart System with `Satellite Kickstart Default`
3. Check default password hash defined

Actual results:

> authconfig --passalgo=SHA512 --useshadow --kickstart
> authconfig: Unknown password hashing algorithm specified, using sha256.

Expected results:

> authconfig --passalgo=sha512 --useshadow --kickstart

Additional info:

Comment 3 kallies 2018-06-26 12:21:10 UTC
We ran into the same issue. The workaround for us so far is

`authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart`

Comment 4 pm-sat@redhat.com 2018-06-27 14:13:21 UTC
Upstream bug assigned to lzap@redhat.com

Comment 5 pm-sat@redhat.com 2018-06-27 14:13:24 UTC
Upstream bug assigned to lzap@redhat.com

Comment 6 pm-sat@redhat.com 2018-06-27 16:13:20 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/24084 has been resolved.

Comment 7 Lukas Zapletal 2018-07-26 09:29:39 UTC
The fix was pushed into Foreman 1.19 and will be part of future Satellite version.

https://github.com/theforeman/community-templates/pull/487/files

The workaround is to fix kickstart template in Satellite:

-authselect --useshadow --passalgo=<%= @host.operatingsystem.password_hash || 'sha256' %> --kickstart
+authselect --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart

Comment 10 Roman Plevka 2019-03-06 13:25:26 UTC
VERIFIED
on sat6.5.0-18

the template already comes with .downcase:

# hammer template dump --id 46 | grep authconfig
authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart

and renders properly

Comment 13 errata-xmlrpc 2019-05-14 12:37:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222


Note You need to log in before you can comment on or make changes to this bug.