Bug 1563529 - Root password hash in Operating System written in capital letters
Summary: Root password hash in Operating System written in capital letters
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Provisioning
Version: 6.3.0
Hardware: x86_64
OS: Linux
medium vote
Target Milestone: 6.5.0
Assignee: Lukas Zapletal
QA Contact: Roman Plevka
URL: https://projects.theforeman.org/issue...
Depends On:
TreeView+ depends on / blocked
Reported: 2018-04-04 06:17 UTC by Simon Reber
Modified: 2021-09-09 13:35 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-05-14 12:37:00 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 24084 0 Normal Closed Password hash propagation (operatingsystem/kickstart template) to authconfig doesn't work 2020-12-23 14:04:33 UTC
Red Hat Knowledge Base (Solution) 3497261 0 None None None 2018-07-26 09:46:24 UTC
Red Hat Product Errata RHSA-2019:1222 0 None None None 2019-05-14 12:37:12 UTC

Description Simon Reber 2018-04-04 06:17:01 UTC
Description of problem:

The root password hash under Operating System (SHA256, SHA512, etc) are written in capital letters. This is saved the same way into `@host.operatingsystem.password_hash`. When using `Satellite Kickstart Default` we have `authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash || 'sha256' %> --kickstart` which will fail and thus fall back to the default, as `authconfig` can't handle hash definition in capital letters.

> authconfig --passalgo=SHA512 --useshadow --kickstart
> authconfig: Unknown password hashing algorithm specified, using sha256.

Version-Release number of selected component (if applicable):

 - satellite-

How reproducible:

 - Always

Steps to Reproduce:
1. Select SHA512 in Operating System
2. Kickstart System with `Satellite Kickstart Default`
3. Check default password hash defined

Actual results:

> authconfig --passalgo=SHA512 --useshadow --kickstart
> authconfig: Unknown password hashing algorithm specified, using sha256.

Expected results:

> authconfig --passalgo=sha512 --useshadow --kickstart

Additional info:

Comment 3 kallies 2018-06-26 12:21:10 UTC
We ran into the same issue. The workaround for us so far is

`authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart`

Comment 4 Satellite Program 2018-06-27 14:13:21 UTC
Upstream bug assigned to lzap

Comment 5 Satellite Program 2018-06-27 14:13:24 UTC
Upstream bug assigned to lzap

Comment 6 Satellite Program 2018-06-27 16:13:20 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/24084 has been resolved.

Comment 7 Lukas Zapletal 2018-07-26 09:29:39 UTC
The fix was pushed into Foreman 1.19 and will be part of future Satellite version.


The workaround is to fix kickstart template in Satellite:

-authselect --useshadow --passalgo=<%= @host.operatingsystem.password_hash || 'sha256' %> --kickstart
+authselect --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart

Comment 10 Roman Plevka 2019-03-06 13:25:26 UTC
on sat6.5.0-18

the template already comes with .downcase:

# hammer template dump --id 46 | grep authconfig
authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart

and renders properly

Comment 13 errata-xmlrpc 2019-05-14 12:37:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.