Bug #3241
closed
Default password is not set properly for Red Hats
Added by Lukas Zapletal almost 11 years ago.
Updated about 6 years ago.
Description
Steps to reproduce:
1. Install foreman
1. Change default encrypted password in settings to something else like "abcdefg"
1. Provision a RHEL 6.4 host using default kickstart template
1. Do not set any password in the New Host page, make sure it is blank in the form
1. Try to login with "abcdefg"
Does not work. Spoof kickstart and note this:
rootpw --iscrypted dog8code
It looks like we should encrypt the password when saving it into the settings. In the settings table it is stored in cleartext, the host record is set to nil.
Setting to higher priority as new users will hit this.
For me even the default password "123123" does not work. What I see after installation of Foreman 1.3 RC4 is some encrypted text in settings. But it apparently does not work well with Anaconda.
Couple of observations:
Default password set in settings in a clean installation is: xybxa6JUkz63w
When I create a new host with no password set, it renders to this in kickstart:
rootpw --iscrypted xybxa6JUkz63w
I am not sure if this is correct at all, I'd expect $N$salt$hash there. Anyway, it does not work, I cannot login with "123123".
When I try to change default pass in settings to anything, it renders again as:
rootpw --iscrypted anything
Which does not work at all for me. I am testing RHEL6.
The last part of what you say is correct. Since the Setting asks for the encrypted password, I would indeed expect a Setting of "anything" to render as "rootpw --iscrypted anything".
Looking at app/models/concerns/host_common.rb#96 for normal host(group) passwords we test for a $ at the start of the string and encrypt if it's not present. We don't do this at app/models/host/managed.rb#592, so the correct solution is probably to test for a $ in the setting and add a random hash to the start if it's not already there.
In case anyone asks, I don't think it's correct to store either the salt or the unencrypted password in the Settings menu - it's accessible to many levels of user permissions.
- Status changed from New to Ready For Testing
- Difficulty set to trivial
- Related to Tracker #3112: [TRACKER] Issues to be released in 1.3 RC or final added
- Status changed from Ready For Testing to Closed
- Related to deleted (Tracker #3112: [TRACKER] Issues to be released in 1.3 RC or final)
- Target version changed from 1.3.0 to 1.15.0
- Translation missing: en.field_release set to 2
- Difficulty changed from trivial to easy
Also available in: Atom
PDF