Description of problem: The root password hash under Operating System (SHA256, SHA512, etc) are written in capital letters. This is saved the same way into `@host.operatingsystem.password_hash`. When using `Satellite Kickstart Default` we have `authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash || 'sha256' %> --kickstart` which will fail and thus fall back to the default, as `authconfig` can't handle hash definition in capital letters. > authconfig --passalgo=SHA512 --useshadow --kickstart > authconfig: Unknown password hashing algorithm specified, using sha256. Version-Release number of selected component (if applicable): - satellite-6.3.0.1-1.el7sat.noarch How reproducible: - Always Steps to Reproduce: 1. Select SHA512 in Operating System 2. Kickstart System with `Satellite Kickstart Default` 3. Check default password hash defined Actual results: > authconfig --passalgo=SHA512 --useshadow --kickstart > authconfig: Unknown password hashing algorithm specified, using sha256. Expected results: > authconfig --passalgo=sha512 --useshadow --kickstart Additional info:
We ran into the same issue. The workaround for us so far is `authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart`
Upstream bug assigned to lzap
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/24084 has been resolved.
The fix was pushed into Foreman 1.19 and will be part of future Satellite version. https://github.com/theforeman/community-templates/pull/487/files The workaround is to fix kickstart template in Satellite: -authselect --useshadow --passalgo=<%= @host.operatingsystem.password_hash || 'sha256' %> --kickstart +authselect --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart
VERIFIED on sat6.5.0-18 the template already comes with .downcase: # hammer template dump --id 46 | grep authconfig authconfig --useshadow --passalgo=<%= @host.operatingsystem.password_hash.downcase || 'sha256' %> --kickstart and renders properly
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:1222