Red Hat Bugzilla – Bug 55612
Kickstart rootpw --iscrypted doesn't work
Last modified: 2008-05-01 11:38:01 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.5) Gecko/20011012
Description of problem:
The following doesn't work in a standard ks.cfg file...
rootpw --iscrypted '$1$XqNeDUb9$uJFxmfG2znreuiu1XyWho/'
What I get instead is some (apparently non md5) random
password instead in /etc/shadow.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.create a kickstart file with a md5 encrypted rootpw
2.install, an reboot
3.try to log in with the original cleartext form of you encrypted
Actual Results: Can't log in. Need to reboot in single user mode to obtain
priviledges and then issue a manual passwd command to reset the
Expected Results: Expected to log in using known password
Hmm...this worked in my testing...I'll take another look at it.
This still works for me...I just did an install and things worked fine.
Can you attach your kickstart file?
Created attachment 36472 [details]
sample ks.cfg file that doesn't set rootpw to "t3stm3"
The encrypted text in the previous attachment was obtained by
doing "passwd" as root on a different box and then copying the
contents from /etc/shadow on that box. The password I specified is
"t3stm3" (excluding the quotes).
What got installed on a machine after installing with this ks.cfg file
clearly not the
that I intended.
I have also made the assumption that maybe the kickstart expands
variables and I have tried enclosing the password in single quotes
but this did not help.
Also it appears that the password that did get installed (whatever that
is) is not an md5 format password; it doesn't seem long enough or start
This kickstart file says that it was generated by anaconda...not ksconfig. Is
Doh! sorry about that. Actually it was generated by anaconda but I
pretty much hand edited the whole thing. So I suggest that only
thing left from anaconda was the comment lines.
So, I'm trying to figure out what generated the rootpw line in the kickstart
file. Was it generated by anaconda or ksconfig? Or something else?
I generated the password by doing...
<enter the desired password twice>
now I cut and paste the md5 password from /etc/shadow into the
Yes this seems very kludgy but I can't find any documentation
that describes how I'm suppose to manually generate a valid
md5 password. The manuals describe "--iscrypted" but don't
describe how you can generate a valid parameter for it.
The above procedure worked in RH7.1. I assumed it would work in
7.2. Further... How come after I kickstart a machine the entry
in /etc/shadow is *totally* different from what I specified.
I would think that if I specified "--iscrypted blahblahblah"
then "blahblahblah" should be in /etc/shadow.
Use ksconfig. Click the box for "Encrypt root password" and enter a root
password. Then click "Save File" to preview the kickstart file. Cut and paste
the "rootpw" line into your existing kickstart file. Does that work?
Closing due to inactivity. Please reopen if you have more information.