| 2016-04-14 11:16:00 |
Tore |
bug |
|
|
added bug |
| 2016-04-14 11:16:15 |
Tore |
summary |
RFE: chpasswd in cloud-init should |
RFE: chpasswd in cloud-init should support hashed passwords |
|
| 2016-11-03 13:38:05 |
Tore |
bug |
|
|
added subscriber Tore |
| 2016-11-04 11:03:54 |
Tore |
merge proposal linked |
|
https://code.launchpad.net/~tore.lonoy/cloud-init/+git/cloud-init/+merge/310051 |
|
| 2017-01-12 18:23:18 |
Scott Moser |
cloud-init: status |
New |
Confirmed |
|
| 2017-01-12 18:23:20 |
Scott Moser |
cloud-init: importance |
Undecided |
Medium |
|
| 2017-03-24 20:48:08 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~smoser/cloud-init/+git/cloud-init/+merge/320986 |
|
| 2017-03-25 03:00:44 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~smoser/cloud-init/+git/cloud-init/+merge/321000 |
|
| 2017-04-03 16:18:58 |
Scott Moser |
bug task added |
|
cloud-init (Ubuntu) |
|
| 2017-04-03 16:19:49 |
Scott Moser |
nominated for series |
|
Ubuntu Yakkety |
|
| 2017-04-03 16:19:49 |
Scott Moser |
bug task added |
|
cloud-init (Ubuntu Yakkety) |
|
| 2017-04-03 16:19:49 |
Scott Moser |
nominated for series |
|
Ubuntu Xenial |
|
| 2017-04-03 16:19:49 |
Scott Moser |
bug task added |
|
cloud-init (Ubuntu Xenial) |
|
| 2017-04-03 16:20:44 |
Scott Moser |
cloud-init (Ubuntu): status |
New |
Fix Released |
|
| 2017-04-03 16:20:46 |
Scott Moser |
cloud-init (Ubuntu): importance |
Undecided |
Medium |
|
| 2017-04-03 16:20:50 |
Scott Moser |
cloud-init (Ubuntu Xenial): status |
New |
Confirmed |
|
| 2017-04-03 16:20:52 |
Scott Moser |
cloud-init (Ubuntu Yakkety): status |
New |
Confirmed |
|
| 2017-04-03 16:20:55 |
Scott Moser |
cloud-init (Ubuntu Xenial): importance |
Undecided |
Medium |
|
| 2017-04-03 16:20:56 |
Scott Moser |
cloud-init (Ubuntu Yakkety): importance |
Undecided |
Medium |
|
| 2017-04-04 18:02:52 |
Scott Moser |
description |
The only way to assign a hashed password to a user is to use passwd within a users entry like this:
users:
- name: root
passwd: $6$Cl....Hy$IEJciQZLxQLzkST......g.bzqf3lUl.
But, if that user is already present on the system, cloud-init will skip setting the password:
journal: [CLOUDINIT] __init__.py[INFO]: User root already exists, skipping.
You can change password with chpasswd, but that only supports clear-text password.
Requesting that chpasswd get support for setting a hashed password to users. |
=== Begin SRU Template ===
[Impact]
The only way to assign a hashed password to a user is to use passwd within a
users entry like this:
users:
- name: root
passwd: $6$Cl....Hy$IEJciQZLxQLzkST......g.bzqf3lUl.
But, if that user is already present on the system, cloud-init would skip
setting the password. The change was to add support for providing
encrypted passwords to 'chpasswd' as:
chpasswd:
list: |
user:$5$eriogqzq$Dg7PxHsKGzziuEGkZgkLvacjuEFeljJ.rLf.hZqKQLA
[Test Case]
There is an integration test in cloud-init that runs though this code.
To run that:
$ git clone https://git.launchpad.net/cloud-init
$ cd cloud-init
# download the appropriate deb for cloud-init from -proposed
# to
$ rel=xenial
$ http://archive.ubuntu.com/ubuntu/pool/main/c/cloud-init/cloud-init_0.7.9-48-g1c795b9-0ubuntu1~16.04.1_all.deb
$ pver=$(rmadison --url=ubuntu --suite=$rel-proposed cloud-init |
awk '{print $3}')
$ fname="cloud-init_${pver}_all.deb"
$ wget "http://archive.ubuntu.com/ubuntu/pool/main/c/cloud-init/$fname"
$ ln -sf $fname cloud-init_all.$rel.deb
$ tox -e citest -- run -v -n $rel --deb=cloud-init_all.$rel.deb \
-t tests/cloud_tests/testcases/modules/set_password_list_string.py \
-t tests/cloud_tests/testcases/modules/set_password_list.py
That will install the new cloud-init into a container and run
with user data to excercise this new feature.
[Regression Potential]
Some user passwords provided via chpasswd and starting with '$'
may be interpreted as hashed passwords.
Specifically, those matching: r'\$[1,2a,2y,5,6](\$.+){2}'
If a user hits this, they'd be unable to reach a new instance.
[Other Info]
=== End SRU Template ===
The only way to assign a hashed password to a user is to use passwd within a users entry like this:
users:
- name: root
passwd: $6$Cl....Hy$IEJciQZLxQLzkST......g.bzqf3lUl.
But, if that user is already present on the system, cloud-init will skip setting the password:
journal: [CLOUDINIT] __init__.py[INFO]: User root already exists, skipping.
You can change password with chpasswd, but that only supports clear-text password.
Requesting that chpasswd get support for setting a hashed password to users. |
|
| 2017-04-04 18:07:51 |
Scott Moser |
description |
=== Begin SRU Template ===
[Impact]
The only way to assign a hashed password to a user is to use passwd within a
users entry like this:
users:
- name: root
passwd: $6$Cl....Hy$IEJciQZLxQLzkST......g.bzqf3lUl.
But, if that user is already present on the system, cloud-init would skip
setting the password. The change was to add support for providing
encrypted passwords to 'chpasswd' as:
chpasswd:
list: |
user:$5$eriogqzq$Dg7PxHsKGzziuEGkZgkLvacjuEFeljJ.rLf.hZqKQLA
[Test Case]
There is an integration test in cloud-init that runs though this code.
To run that:
$ git clone https://git.launchpad.net/cloud-init
$ cd cloud-init
# download the appropriate deb for cloud-init from -proposed
# to
$ rel=xenial
$ http://archive.ubuntu.com/ubuntu/pool/main/c/cloud-init/cloud-init_0.7.9-48-g1c795b9-0ubuntu1~16.04.1_all.deb
$ pver=$(rmadison --url=ubuntu --suite=$rel-proposed cloud-init |
awk '{print $3}')
$ fname="cloud-init_${pver}_all.deb"
$ wget "http://archive.ubuntu.com/ubuntu/pool/main/c/cloud-init/$fname"
$ ln -sf $fname cloud-init_all.$rel.deb
$ tox -e citest -- run -v -n $rel --deb=cloud-init_all.$rel.deb \
-t tests/cloud_tests/testcases/modules/set_password_list_string.py \
-t tests/cloud_tests/testcases/modules/set_password_list.py
That will install the new cloud-init into a container and run
with user data to excercise this new feature.
[Regression Potential]
Some user passwords provided via chpasswd and starting with '$'
may be interpreted as hashed passwords.
Specifically, those matching: r'\$[1,2a,2y,5,6](\$.+){2}'
If a user hits this, they'd be unable to reach a new instance.
[Other Info]
=== End SRU Template ===
The only way to assign a hashed password to a user is to use passwd within a users entry like this:
users:
- name: root
passwd: $6$Cl....Hy$IEJciQZLxQLzkST......g.bzqf3lUl.
But, if that user is already present on the system, cloud-init will skip setting the password:
journal: [CLOUDINIT] __init__.py[INFO]: User root already exists, skipping.
You can change password with chpasswd, but that only supports clear-text password.
Requesting that chpasswd get support for setting a hashed password to users. |
=== Begin SRU Template ===
[Impact]
The only way to assign a hashed password to a user is to use passwd within a
users entry like this:
users:
- name: root
passwd: $6$Cl....Hy$IEJciQZLxQLzkST......g.bzqf3lUl.
But, if that user is already present on the system, cloud-init would skip
setting the password. The change was to add support for providing
encrypted passwords to 'chpasswd' as:
chpasswd:
list: |
user:$5$eriogqzq$Dg7PxHsKGzziuEGkZgkLvacjuEFeljJ.rLf.hZqKQLA
[Test Case]
There is an integration test in cloud-init that runs though this code.
To run that:
$ git clone https://git.launchpad.net/cloud-init
$ cd cloud-init
# download the appropriate deb for cloud-init from -proposed
# to
$ rel=xenial
$ http://archive.ubuntu.com/ubuntu/pool/main/c/cloud-init/cloud-init_0.7.9-48-g1c795b9-0ubuntu1~16.04.1_all.deb
$ pver=$(rmadison --url=ubuntu --suite=$rel-proposed cloud-init |
awk '{print $3}')
$ fname="cloud-init_${pver}_all.deb"
$ wget "http://archive.ubuntu.com/ubuntu/pool/main/c/cloud-init/$fname"
$ ln -sf $fname cloud-init_all.$rel.deb
$ tox -e citest -- run -v -n $rel --deb=cloud-init_all.$rel.deb \
-t tests/cloud_tests/testcases/modules/set_password_list_string.py \
-t tests/cloud_tests/testcases/modules/set_password_list.py
That will install the new cloud-init into a container and run
with user data to excercise this new feature.
[Regression Potential]
Some user passwords provided via chpasswd and starting with '$'
may be interpreted as hashed passwords.
Specifically, those matching: r'\$[1,2a,2y,5,6](\$.+){2}'
In english, that regex is:
- starts with a '$'
- followed by '1', '2a', '2y', '5', '6'
- followed by a $
- followed by 1 or more characters
- followed by another $
- followed by 1 or more characters
So a total of 3 '$' and starting with one of those specific 3 or 4
character strings. That could definitely happen, but it is low odds, and also fairly low risk. If a user hits this, they'd be unable to reach a new instance.
[Other Info]
=== End SRU Template ===
The only way to assign a hashed password to a user is to use passwd within a users entry like this:
users:
- name: root
passwd: $6$Cl....Hy$IEJciQZLxQLzkST......g.bzqf3lUl.
But, if that user is already present on the system, cloud-init will skip setting the password:
journal: [CLOUDINIT] __init__.py[INFO]: User root already exists, skipping.
You can change password with chpasswd, but that only supports clear-text password.
Requesting that chpasswd get support for setting a hashed password to users. |
|
| 2017-04-04 21:29:34 |
Scott Moser |
description |
=== Begin SRU Template ===
[Impact]
The only way to assign a hashed password to a user is to use passwd within a
users entry like this:
users:
- name: root
passwd: $6$Cl....Hy$IEJciQZLxQLzkST......g.bzqf3lUl.
But, if that user is already present on the system, cloud-init would skip
setting the password. The change was to add support for providing
encrypted passwords to 'chpasswd' as:
chpasswd:
list: |
user:$5$eriogqzq$Dg7PxHsKGzziuEGkZgkLvacjuEFeljJ.rLf.hZqKQLA
[Test Case]
There is an integration test in cloud-init that runs though this code.
To run that:
$ git clone https://git.launchpad.net/cloud-init
$ cd cloud-init
# download the appropriate deb for cloud-init from -proposed
# to
$ rel=xenial
$ http://archive.ubuntu.com/ubuntu/pool/main/c/cloud-init/cloud-init_0.7.9-48-g1c795b9-0ubuntu1~16.04.1_all.deb
$ pver=$(rmadison --url=ubuntu --suite=$rel-proposed cloud-init |
awk '{print $3}')
$ fname="cloud-init_${pver}_all.deb"
$ wget "http://archive.ubuntu.com/ubuntu/pool/main/c/cloud-init/$fname"
$ ln -sf $fname cloud-init_all.$rel.deb
$ tox -e citest -- run -v -n $rel --deb=cloud-init_all.$rel.deb \
-t tests/cloud_tests/testcases/modules/set_password_list_string.py \
-t tests/cloud_tests/testcases/modules/set_password_list.py
That will install the new cloud-init into a container and run
with user data to excercise this new feature.
[Regression Potential]
Some user passwords provided via chpasswd and starting with '$'
may be interpreted as hashed passwords.
Specifically, those matching: r'\$[1,2a,2y,5,6](\$.+){2}'
In english, that regex is:
- starts with a '$'
- followed by '1', '2a', '2y', '5', '6'
- followed by a $
- followed by 1 or more characters
- followed by another $
- followed by 1 or more characters
So a total of 3 '$' and starting with one of those specific 3 or 4
character strings. That could definitely happen, but it is low odds, and also fairly low risk. If a user hits this, they'd be unable to reach a new instance.
[Other Info]
=== End SRU Template ===
The only way to assign a hashed password to a user is to use passwd within a users entry like this:
users:
- name: root
passwd: $6$Cl....Hy$IEJciQZLxQLzkST......g.bzqf3lUl.
But, if that user is already present on the system, cloud-init will skip setting the password:
journal: [CLOUDINIT] __init__.py[INFO]: User root already exists, skipping.
You can change password with chpasswd, but that only supports clear-text password.
Requesting that chpasswd get support for setting a hashed password to users. |
=== Begin SRU Template ===
[Impact]
The only way to assign a hashed password to a user is to use passwd within a
users entry like this:
users:
- name: root
passwd: $6$Cl....Hy$IEJciQZLxQLzkST......g.bzqf3lUl.
But, if that user is already present on the system, cloud-init would skip
setting the password. The change was to add support for providing
encrypted passwords to 'chpasswd' as:
chpasswd:
list: |
user:$5$eriogqzq$Dg7PxHsKGzziuEGkZgkLvacjuEFeljJ.rLf.hZqKQLA
[Test Case]
There is an integration test in cloud-init that runs though this code.
To run that:
$ git clone https://git.launchpad.net/cloud-init
$ cd cloud-init
# download the appropriate deb for cloud-init from -proposed
$ rel=xenial
$ pver=$(rmadison --url=ubuntu --suite=$rel-proposed cloud-init | awk '{print $3}')
$ fname="cloud-init_${pver}_all.deb"
$ wget "http://archive.ubuntu.com/ubuntu/pool/main/c/cloud-init/$fname"
$ ln -sf $fname cloud-init_all.$rel.deb
$ tox -e citest -- run -v -n $rel --deb=cloud-init_all.$rel.deb \
-t tests/cloud_tests/testcases/modules/set_password_list_string.py \
-t tests/cloud_tests/testcases/modules/set_password_list.py
That will install the new cloud-init into a container and run
with user data to excercise this new feature.
[Regression Potential]
Some user passwords provided via chpasswd and starting with '$'
may be interpreted as hashed passwords.
Specifically, those matching: r'\$[1,2a,2y,5,6](\$.+){2}'
In english, that regex is:
- starts with a '$'
- followed by '1', '2a', '2y', '5', '6'
- followed by a $
- followed by 1 or more characters
- followed by another $
- followed by 1 or more characters
So a total of 3 '$' and starting with one of those specific 3 or 4
character strings. That could definitely happen, but it is low odds, and also fairly low risk. If a user hits this, they'd be unable to reach a new instance.
[Other Info]
Upstream commit:
https://git.launchpad.net/cloud-init/commit/?id=21632972df034
=== End SRU Template ===
The only way to assign a hashed password to a user is to use passwd within a users entry like this:
users:
- name: root
passwd: $6$Cl....Hy$IEJciQZLxQLzkST......g.bzqf3lUl.
But, if that user is already present on the system, cloud-init will skip setting the password:
journal: [CLOUDINIT] __init__.py[INFO]: User root already exists, skipping.
You can change password with chpasswd, but that only supports clear-text password.
Requesting that chpasswd get support for setting a hashed password to users. |
|
| 2017-04-10 22:21:55 |
Brian Murray |
cloud-init (Ubuntu Yakkety): status |
Confirmed |
Fix Committed |
|
| 2017-04-10 22:21:57 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2017-04-10 22:22:03 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
| 2017-04-10 22:22:07 |
Brian Murray |
tags |
|
verification-needed |
|
| 2017-04-10 22:45:27 |
Brian Murray |
cloud-init (Ubuntu Xenial): status |
Confirmed |
Fix Committed |
|
| 2017-04-17 12:36:36 |
Andreas Hasenack |
attachment added |
|
lp-1570325-xenial.txt https://bugs.launchpad.net/cloud-init/+bug/1570325/+attachment/4863558/+files/lp-1570325-xenial.txt |
|
| 2017-04-17 12:37:31 |
Andreas Hasenack |
attachment added |
|
lp-1570325-yakkety.txt https://bugs.launchpad.net/cloud-init/+bug/1570325/+attachment/4863559/+files/lp-1570325-yakkety.txt |
|
| 2017-04-17 13:28:37 |
Andreas Hasenack |
attachment added |
|
cloud-init.yaml https://bugs.launchpad.net/cloud-init/+bug/1570325/+attachment/4863573/+files/cloud-init.yaml |
|
| 2017-04-17 13:47:57 |
Andreas Hasenack |
tags |
verification-needed |
verification-done-xenial verification-done-yakkety |
|
| 2017-04-20 19:33:34 |
Launchpad Janitor |
cloud-init (Ubuntu Yakkety): status |
Fix Committed |
Fix Released |
|
| 2017-04-20 19:34:17 |
Steve Langasek |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2017-04-20 19:35:54 |
Launchpad Janitor |
cloud-init (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
| 2017-04-21 19:28:14 |
Scott Moser |
cloud-init: status |
Confirmed |
Fix Committed |
|
| 2017-09-23 02:13:32 |
Scott Moser |
cloud-init: status |
Fix Committed |
Fix Released |
|
| 2023-05-10 12:18:54 |
James Falcon |
bug watch added |
|
https://github.com/canonical/cloud-init/issues/2649 |
|
