Red Hat Bugzilla – Bug 957273
autoinstall password should be scrubbed before logging
Last modified: 2015-12-02 08:35:26 EST
+++ This bug was initially created as a clone of Bug #957234 +++ When running an autoinstall the temporary password is logged in ovirt.log. It should be replaced with "XXXXXXXX" instead of the hashed password --- Additional comment from Joey Boggs on 2013-04-26 15:37:02 EDT --- http://gerrit.ovirt.org/14276
This bug is currently attached to errata RHBA-2013:15277. If this change is not to be documented in the text for this errata please either remove it from the errata, set the requires_doc_text flag to minus (-), or leave a "Doc Text" value of "--no tech note required" if you do not have permission to alter the flag. Otherwise to aid in the development of relevant and accurate release documentation, please fill out the "Doc Text" field above with these four (4) pieces of information: * Cause: What actions or circumstances cause this bug to present. * Consequence: What happens when the bug presents. * Fix: What was done to fix the bug. * Result: What now happens when the actions or circumstances above occur. (NB: this is not the same as 'the bug doesn't present anymore') Once filled out, please set the "Doc Type" field to the appropriate value for the type of change made and submit your edits to the bug. For further details on the Cause, Consequence, Fix, Result format please refer to: https://bugzilla.redhat.com/page.cgi?id=fields.html#cf_release_notes Thanks in advance.
Test version: rhevh-6.5-20131031.1.0 ovirt-node-3.0.1-7.el6.noarch Test steps: 1. auto install rhev-h with below parameters: storage_init=/dev/sda adminpw=encrypt password cim_enabled=1 cim_passwd=encrypt passwd firstboot 2. Login RHEV-H 3. Logout and login RHEV-H 4. Check ovirt.log Test result: 1. Auto install successful. 2. Pop-up msg: You are required to change your password immediately 3. Login with new password can successful 4. No temporary password logged in ovirt.log. ovirt.log ====== Nov 13 06:25:35 Setting temporary admin password usermod: user 'cim' does not exist Nov 13 06:25:35 Setting temporary admin password Nov 13 06:25:35 link to the kernel image for kdump Nov 13 06:25:35 Skip runtime mode configuration. For cim user doesn't exist issue, there is a exist bug -> Bug 1022435 - Throw "argument 1 must be Entity, not None" exception when setting cim password So the bug is fixed. I notice that the bug Depends On bug 957234, but bug 957234 is upstream bug. So I'd like verify this bug now. change bug status to VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-0033.html