971738 – Password for katello-configure as "test" provides incorrect response message.

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 971738 - Password for katello-configure as "test" provides incorrect response message.

Summary: Password for katello-configure as "test" provides incorrect response message.

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Content Management
Sub Component:
Version:	6.0.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	Unspecified
Assignee:	Mike McCune
QA Contact:	Og Maciel
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-06-07 08:13 UTC by Wade Mealing
Modified:	2019-09-26 15:48 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Wade Mealing 2013-06-07 08:13:59 UTC

Description of problem:

When using katello-configure with --user-pass=test

Katello responds:

Option[Katello user's password (--user-pass)] not correctly specified.

Version-Release number of selected component (if applicable):

katello-configure-1.4.3-14.el6sat.noarch (Nice version yo, whats up with that)

How reproducible:

Every time

Steps to Reproduce:
1. Install sat 6 katello 
2. Use the command line katello-configure --user-pass=test
3. Wait

Actual results:

Option[Katello user's password (--user-pass)] not correctly specified.

Expected results:

Option[Katello user's password (--user-pass)] The password supplied is not secure enough, please choose another password"

Additional info:

This may be something which works the second or third time, as I had tried a few times to use katello-configure and it only worked when given a longer and more secure password.

This could become a significant burden on GSS if an error message like this goes through.  I bet a lot of admins test with the password "test".

Comment 1 RHEL Program Management 2013-06-12 18:33:45 UTC

Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

Comment 3 manjiri tapaswi 2013-10-11 18:46:41 UTC

PR: https://github.com/mccun934/katello-configure/pull/1

Comment 4 manjiri tapaswi 2013-10-11 19:21:11 UTC

(In reply to manjiri tapaswi from comment #3)
> PR: https://github.com/mccun934/katello-configure/pull/1


UPDATED PR: https://github.com/Katello/katello-installer/pull/56

Comment 5 manjiri tapaswi 2013-10-11 19:42:23 UTC

(In reply to manjiri tapaswi from comment #4)
> (In reply to manjiri tapaswi from comment #3)
> > PR: https://github.com/mccun934/katello-configure/pull/1
> 
> 
> UPDATED PR: https://github.com/Katello/katello-installer/pull/56



Apologies for posting incorrect links.

PR: https://github.com/Katello/katello-installer/pull/57

Comment 6 manjiri tapaswi 2013-10-14 20:50:43 UTC

Commit: 2d2c298

Comment 9 Og Maciel 2013-10-21 20:23:14 UTC

The fix is to disallow insecure passwords during config.

Verified:

* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.8.25-1.el6sam.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.25-1.el6sam.noarch
* candlepin-tomcat6-0.8.25-1.el6sam.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* foreman-1.3.0-18.el6sat.noarch
* foreman-compute-1.3.0-18.el6sat.noarch
* foreman-libvirt-1.3.0-18.el6sat.noarch
* foreman-postgresql-1.3.0-18.el6sat.noarch
* foreman-proxy-1.3.0-3.el6sat.noarch
* katello-1.4.6-39.el6sat.noarch
* katello-all-1.4.6-39.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.4-1.el6sat.noarch
* katello-cli-1.4.3-24.el6sat.noarch
* katello-cli-common-1.4.3-24.el6sat.noarch
* katello-common-1.4.6-39.el6sat.noarch
* katello-configure-1.4.7-5.el6sat.noarch
* katello-configure-foreman-1.4.7-5.el6sat.noarch
* katello-configure-foreman-proxy-1.4.7-5.el6sat.noarch
* katello-foreman-all-1.4.6-39.el6sat.noarch
* katello-glue-candlepin-1.4.6-39.el6sat.noarch
* katello-glue-elasticsearch-1.4.6-39.el6sat.noarch
* katello-glue-pulp-1.4.6-39.el6sat.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.4.4-4.el6sat.noarch
* openldap-2.4.23-31.el6.x86_64
* pulp-katello-plugins-0.2-1.el6sat.noarch
* pulp-nodes-common-2.3.0-0.22.beta.el6sat.noarch
* pulp-nodes-parent-2.3.0-0.22.beta.el6sat.noarch
* pulp-puppet-plugins-2.3.0-0.22.beta.el6sat.noarch
* pulp-rpm-plugins-2.3.0-0.22.beta.el6sat.noarch
* pulp-selinux-2.3.0-0.22.beta.el6sat.noarch
* pulp-server-2.3.0-0.22.beta.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-ldap_fluff-0.2.2-2.el6sat.noarch
* ruby193-rubygem-net-ldap-0.3.1-3.el6sat.noarch
* ruby193-rubygem-runcible-1.0.7-1.el6sat.noarch
* signo-0.0.22-2.el6sat.noarch
* signo-katello-0.0.22-2.el6sat.noarch

Comment 11 Bryan Kearney 2014-04-24 17:10:50 UTC

This was verified and delivered with MDP2. Closing it out.

Comment 12 Bryan Kearney 2014-04-24 17:11:56 UTC

This was delivered and verified with MDP2. Closing the bug.

Note You need to log in before you can comment on or make changes to this bug.