fips mode breaks ESXi deployment
|Triaged:||Fixed in Releases:|
|Bugzilla link:||Found in Releases:||1.17.0|
It would seem that due to http://projects.theforeman.org/issues/21875 - the md5 option for password hashing is no long available. This ends up breaking ESXi provisioning (at least until I can find a work around).
The kickstart installer for ESX does not seem to understand anything but md5. Yes, there is probably some way to get it to understand SHA256/512, but there is no documentation for this, and even the folks over in irc #vmware dont know how to do it. After 3-4 days of attempts I have given up.
It would also appear that there is no way to disable password hashing for an OS in foreman. So as it is now, it would appear there is no longer a way to provision ESX.
I've marked this as urgent as there is no current workaround and completely renders the ability to provision ESX useless in Foreman, which has worked for the last 5 years. :(
#3 Updated by Jeff Sparrow 2 months ago
- Legacy Backlogs Release (now unused) deleted (
- Priority changed from Urgent to High
Havent had enough coffee. There is a work around - I can remove the <root_password> call in the provision script, and then manually enter in a non-hashed password. This removes the ability to allow users to set their own passwords, but at least allows us to keep provisioning ESX with foreman.