Feature #5585
closed
Support non-md5 root password
Description
When adding a root password in a hostgroup, Foreman automagically add a salt and hashes it using the md5 algorithm.
Could it be possible to support other, more recent, algorithms, for example SHA-256 or SHA-512 and even blowfish where it is implemented?
I do not know the code, but a simple grep seems to indicate that the following code is responsible for this:
(https://github.com/theforeman/foreman/blob/develop/app/models/concerns/host_common.rb#L108)
self.root_pass = root_pass.empty? ? nil : (root_pass.starts_with?('$') ? root_pass : root_pass.crypt("$1$#{SecureRandom.base64(6)}"))
The '1' in the "$1$" here is problematic.
Could it be changed to a configuration option (with '1' used by default) ?
Thanks in advance,
Vincent
PS: during my greping, I found another part using the root password:
(https://github.com/theforeman/foreman/blob/develop/app/helpers/unattended_helper.rb#L9)
def grub_pass
@grub ? "--md5pass=#{@host.root_pass}": ""
end
This is likely to break if root_pass is not a md5 password.
Updated by Dominic Cleal over 10 years ago
- Is duplicate of Feature #2127: Support newer hash schemes for root passwords added
Updated by Dominic Cleal over 10 years ago
- Status changed from New to Duplicate
Thanks for the report, we're tracking this under #2127 (it's high up on our backlog too I think).
Updated by Vincent Brillault over 10 years ago
Sorry, I missed this one (I searched for root password, but did not find it).
Thanks.
Updated by The Foreman Bot over 10 years ago
- Target version set to 1.7.4
- Pull request https://github.com/theforeman/foreman/pull/1736 added
Updated by Dominic Cleal over 10 years ago
- Target version deleted (
1.7.4) - Pull request added
- Pull request deleted (
https://github.com/theforeman/foreman/pull/1736)