Bug 500178 - RFE: enable sha512 or sha256 from autoconfig-tui
RFE: enable sha512 or sha256 from autoconfig-tui
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: authconfig (Show other bugs)
5.3
All Linux
low Severity medium
: rc
: ---
Assigned To: Tomas Mraz
BaseOS QE
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-05-11 10:22 EDT by Jim Perrin
Modified: 2009-05-11 11:27 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-05-11 10:37:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jim Perrin 2009-05-11 10:22:18 EDT
Description of problem:
Running authconfig-tui does not allow users to select sha512 or sha256

Version-Release number of selected component (if applicable):
5.3.21-5

How reproducible:
always

Steps to Reproduce:
1. run authconfig-tui
2. see no sha512 or sha256 options
3.
  
Actual results:
no sha512 or sha256 options

Expected results:
It would be nice to see sha512 or sha256 listed for the more paranoid admins among us

Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=500176
and http://csrc.nist.gov/groups/ST/hash/statement.html
Comment 1 Tomas Mraz 2009-05-11 10:37:15 EDT
The authconfig-tui tool is deprecated and no new features should be added there. Please use either authconfig --passalgo=sha256 --update or authconfig-gtk GUI tool.
Comment 2 Jim Perrin 2009-05-11 10:57:47 EDT
What will be replacing authconfig-tui, since this is what's listed in /etc/rc.sysinit when using 'touch /.unconfigured'

from /etc/rc.sysinit

# Configure machine if necessary.
if [ -f /.unconfigured ]; then
    if [ -x /usr/bin/rhgb-client ] && /usr/bin/rhgb-client --ping ; then
        chvt 1
    fi

    if [ -x /usr/bin/system-config-keyboard ]; then
        /usr/bin/system-config-keyboard
    fi
    if [ -x /usr/bin/passwd ]; then
        /usr/bin/passwd root
    fi
    if [ -x /usr/sbin/system-config-network-tui ]; then
        /usr/sbin/system-config-network-tui
    fi
    if [ -x /usr/sbin/timeconfig ]; then
        /usr/sbin/timeconfig
    fi
    if [ -x /usr/sbin/authconfig-tui ]; then
        /usr/sbin/authconfig-tui --nostart
    fi
    if [ -x /usr/sbin/ntsysv ]; then
        /usr/sbin/ntsysv --level 35
    fi


If authconfig-tui is deprecated, then what will be replacing it in this context?
Comment 3 Tomas Mraz 2009-05-11 11:12:11 EDT
The default for password hashes in RHEL-6 will be SHA256 or SHA512 so there will be no need to set it up in the post install phase with authconfig-tui. On the other hand although the authconfig-tui is deprecated it is not going to be removed completely for probably a long time.
Comment 4 Jim Perrin 2009-05-11 11:27:32 EDT
For RHEL6 that's fine, but what about RHEL5, which carries support until 2014 or so? Not to be antagonistic, but if it's not going away, and is referenced by other config tools (firstboot, rc.sysinit, etc) shouldn't it either be updated to support the auth mechanisms that authconfig supports or at least notify users that it's deprecated, and they should use something else (ala nslookup)?

Note You need to log in before you can comment on or make changes to this bug.