Project

General

Profile

Actions

Bug #23621

closed

fips mode breaks ESXi deployment

Added by Jeff Sparrow almost 6 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
Security
Target version:
Difficulty:
easy
Triaged:
Fixed in Releases:
Found in Releases:

Description

It would seem that due to http://projects.theforeman.org/issues/21875 - the md5 option for password hashing is no long available. This ends up breaking ESXi provisioning (at least until I can find a work around).
The kickstart installer for ESX does not seem to understand anything but md5. Yes, there is probably some way to get it to understand SHA256/512, but there is no documentation for this, and even the folks over in irc #vmware dont know how to do it. After 3-4 days of attempts I have given up.

It would also appear that there is no way to disable password hashing for an OS in foreman. So as it is now, it would appear there is no longer a way to provision ESX.

I've marked this as urgent as there is no current workaround and completely renders the ability to provision ESX useless in Foreman, which has worked for the last 5 years. :(


Related issues 1 (0 open1 closed)

Related to Foreman - Feature #21875: Add support for sha512 grub passwords to provisioning templatesClosed12/05/2017Actions
Actions #1

Updated by Timo Goebel almost 6 years ago

  • Related to Feature #21875: Add support for sha512 grub passwords to provisioning templates added
Actions #2

Updated by Timo Goebel almost 6 years ago

  • translation missing: en.field_release set to 360

I think we should re-add this in 1.17.2.

Actions #3

Updated by Jeff Sparrow almost 6 years ago

  • Priority changed from Urgent to High
  • translation missing: en.field_release deleted (360)

Havent had enough coffee. There is a work around - I can remove the <root_password> call in the provision script, and then manually enter in a non-hashed password. This removes the ability to allow users to set their own passwords, but at least allows us to keep provisioning ESX with foreman.

Actions #4

Updated by Jeff Sparrow almost 6 years ago

  • translation missing: en.field_release set to 360
Actions #5

Updated by The Foreman Bot almost 6 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Timo Goebel
  • Pull request https://github.com/theforeman/foreman/pull/5578 added
Actions #6

Updated by Ivan Necas almost 6 years ago

  • Status changed from Ready For Testing to Closed
Actions

Also available in: Atom PDF