Bug #23621
closed
fips mode breaks ESXi deployment
Description
It would seem that due to http://projects.theforeman.org/issues/21875 - the md5 option for password hashing is no long available. This ends up breaking ESXi provisioning (at least until I can find a work around).
The kickstart installer for ESX does not seem to understand anything but md5. Yes, there is probably some way to get it to understand SHA256/512, but there is no documentation for this, and even the folks over in irc #vmware dont know how to do it. After 3-4 days of attempts I have given up.
It would also appear that there is no way to disable password hashing for an OS in foreman. So as it is now, it would appear there is no longer a way to provision ESX.
I've marked this as urgent as there is no current workaround and completely renders the ability to provision ESX useless in Foreman, which has worked for the last 5 years. :(
Updated by Timo Goebel over 6 years ago
- Related to Feature #21875: Add support for sha512 grub passwords to provisioning templates added
Updated by Timo Goebel over 6 years ago
- Translation missing: en.field_release set to 360
I think we should re-add this in 1.17.2.
Updated by Jeff Sparrow over 6 years ago
- Priority changed from Urgent to High
- Translation missing: en.field_release deleted (
360)
Havent had enough coffee. There is a work around - I can remove the <root_password> call in the provision script, and then manually enter in a non-hashed password. This removes the ability to allow users to set their own passwords, but at least allows us to keep provisioning ESX with foreman.
Updated by Jeff Sparrow over 6 years ago
- Translation missing: en.field_release set to 360
Updated by The Foreman Bot over 6 years ago
- Status changed from New to Ready For Testing
- Assignee set to Timo Goebel
- Pull request https://github.com/theforeman/foreman/pull/5578 added
Updated by Ivan Necas over 6 years ago
- Status changed from Ready For Testing to Closed