Bug 55612 - Kickstart rootpw --iscrypted doesn't work
Kickstart rootpw --iscrypted doesn't work
Status: CLOSED WORKSFORME
Product: Red Hat Linux
Classification: Retired
Component: ksconfig (Show other bugs)
7.2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Brent Fox
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-11-02 16:29 EST by jeff
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-01-18 15:37:54 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
sample ks.cfg file that doesn't set rootpw to "t3stm3" (10.95 KB, text/plain)
2001-11-05 13:22 EST, jeff
no flags Details

  None (edit)
Description jeff 2001-11-02 16:29:14 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.5) Gecko/20011012

Description of problem:
The following doesn't work in a standard ks.cfg file...

rootpw --iscrypted '$1$XqNeDUb9$uJFxmfG2znreuiu1XyWho/'

What I get instead is some (apparently non md5) random
password instead in /etc/shadow.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.create a kickstart file with a md5 encrypted rootpw
2.install, an reboot
3.try to log in with the original cleartext form of you encrypted
  password.
	

Actual Results:  Can't log in. Need to reboot in single user mode to obtain
root
priviledges and then issue a manual passwd command to reset the
password.


Expected Results:  Expected to log in using known password

Additional info:
Comment 1 Brent Fox 2001-11-03 10:02:27 EST
Hmm...this worked in my testing...I'll take another look at it.
Comment 2 Brent Fox 2001-11-03 10:22:21 EST
This still works for me...I just did an install and things worked fine.

Can you attach your kickstart file?
Comment 3 jeff 2001-11-05 13:22:35 EST
Created attachment 36472 [details]
sample ks.cfg file that doesn't set rootpw to "t3stm3"
Comment 4 jeff 2001-11-05 13:27:45 EST
The encrypted text in the previous attachment was obtained by
doing "passwd" as root on a different box and then copying the
contents from /etc/shadow on that box. The password I specified is
"t3stm3" (excluding the quotes).

What got installed on a machine after installing with this ks.cfg file
was:

    root:aBtwyC/9wkybE:11533:0:99999:7:::

clearly not the

    root:$1$Gs5S2B7M$GCGia9bw4I8oGS9SekoRc.:11533:0:99999:7:::

that I intended.
I have also made the assumption that maybe the kickstart expands
variables and I have tried enclosing the password in single quotes
but this did not help.

Also it appears that the password that did get installed (whatever that
is) is not an md5 format password; it doesn't seem long enough or start
with $x$.
Comment 5 Brent Fox 2001-11-06 17:30:08 EST
This kickstart file says that it was generated by anaconda...not ksconfig.  Is
that correct?
Comment 6 jeff 2001-11-08 17:17:51 EST
Doh! sorry about that. Actually it was generated by anaconda but I
pretty much hand edited the whole thing. So I suggest that only
thing left from anaconda was the comment lines.
Comment 7 Brent Fox 2001-11-08 23:53:06 EST
So, I'm trying to figure out what generated the rootpw line in the kickstart
file.  Was it generated by anaconda or ksconfig?  Or something else?
Comment 8 jeff 2001-11-09 14:59:53 EST
I generated the password by doing...

useradd user
passwd user
<enter the desired password twice>

now I cut and paste the md5 password from /etc/shadow into the
config file.
Yes this seems very kludgy but I can't find any documentation
that describes how I'm suppose to manually generate a valid
md5 password. The manuals describe "--iscrypted" but don't
describe how you can generate a valid parameter for it.

The above procedure worked in RH7.1. I assumed it would work in
7.2. Further... How come after I kickstart a machine the entry
in /etc/shadow is *totally* different from what I specified.
I would think that if I specified "--iscrypted blahblahblah"
then "blahblahblah" should be in /etc/shadow.
Comment 9 Brent Fox 2001-11-09 16:30:30 EST
Use ksconfig.  Click the box for "Encrypt root password" and enter a root
password.  Then click "Save File" to preview the kickstart file.  Cut and paste
the "rootpw" line into your existing kickstart file.  Does that work?
Comment 10 Brent Fox 2002-01-17 10:22:51 EST
Closing due to inactivity.  Please reopen if you have more information.

Note You need to log in before you can comment on or make changes to this bug.