Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to set user password following documentation #322

Closed
sandrobonazzola opened this issue Sep 29, 2021 · 6 comments · Fixed by #370
Closed

Unable to set user password following documentation #322

sandrobonazzola opened this issue Sep 29, 2021 · 6 comments · Fixed by #370

Comments

@sandrobonazzola
Copy link

Describe the bug
Documentation for setting up a password for a user on coreos doesn't work for me.
I'm following: https://docs.fedoraproject.org/en-US/fedora-coreos/authentication/#_using_password_authentication.
It says:

To generate a secure password hash, use the mkpasswd command:

$ mkpasswd --method=yescrypt
Password:
$y$j9T$A0Y3wwVOKP69S.1K/zYGN.$S596l11UGH3XjN...

I'm on CentOS Stream 8 which I used for the bastion of an OKD deployment. I run: dnf provides "*/mkpasswd" getting:

expect-5.45.4-5.el8.x86_64 : A program-script interaction and testing utility
Repo        : baseos
Matched from:
Filename    : /usr/bin/mkpasswd

Then I install it: dnf install expect. But running the suggested command:

mkpasswd --method=yescrypt
passwd: bad argument --method=yescrypt: unknown option

Reproduction steps
Steps to reproduce the behavior:

  1. see above description

Expected behavior
documentation should provide exact steps to be able to set the password for coreos users

Actual behavior
can't setup a password for the user given existing documentation

Ignition config
Please attach your FCC or Ignition config used to provision your system. Be sure to sanitize any private data. If not using FCCT to generate your Ignition config, does the Ignition config pass validation using ignition-validate?

Additional information
Add any other information about the problem here.
@bgilbert
Copy link
Contributor

The documentation for Fedora CoreOS does not necessarily apply to CentOS Stream.

@sandrobonazzola
Copy link
Author

The documentation for Fedora CoreOS does not necessarily apply to CentOS Stream.

No problem with that but the Fedora CoreOS documentation doesn't tell on which OS the documented command actually works.
And no, mkpasswd is not available within a Fedora CoreOS installation.

@bgilbert
Copy link
Contributor

Oh, I see your point. Yeah, that's a good point; thanks for the report.

@bgilbert bgilbert transferred this issue from coreos/fedora-coreos-tracker Sep 29, 2021
@sandrobonazzola
Copy link
Author

Looks like the documented commands works on Fedora 34 with the following package:

$ rpm -qf `which mkpasswd`
mkpasswd-5.5.9-1.fc34.x86_64

@travier
Copy link
Member

travier commented Oct 1, 2021

Running that command from a Fedora container might be the easiest workaround.

@bgilbert bgilbert mentioned this issue Feb 22, 2022
Merged
@bgilbert
Copy link
Contributor

Created a mkpasswd container and documented it in #370.

bgilbert added a commit that referenced this issue Feb 23, 2022
@bgilbert
authentication: use mkpasswd container
6f0e2d7 
RHEL 8 ships a different implementation of mkpasswd that doesn't support
modern hashes.  For ease of use, just containerize mkpasswd.

Fixes #322.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

authentication: use mkpasswd container
3 participants
@bgilbert @sandrobonazzola @travier