fe39a30c98
This reverts commit ea9b39d723
.
In order to release stable/pike we need this to still be present.
https://review.openstack.org/#/c/502063/ is failing.
Once we release stable/pike we can figure out how to properly remove
this repository.
Change-Id: I50308b1c3001371d4554b6c2640bd5384e870a53
867 B
867 B
---id: V-38577 status: implemented tag: auth ---
The STIG requires SHA512 to be used for hashing password since it is in the list of FIPS 140-2 approved hashing algorithms. This is also the default in Ubuntu 14.04, Ubuntu 16.04, and CentOS 7.
The libuser
package isn't installed by default in Ubuntu
or via openstack-ansible. The Ansible tasks will do the following:
- Check to see if libuser is installed
- If it's installed, it will check for the password hashing algorithm
in
/etc/libuser.conf
- If libuser is installed and the password hashing algorithm isn't SHA512, an error will be printed and the playbook will fail
Further reading: