openstack-ansible-security/doc/metadata/rhel6/V-38577.rst
Andy McCrae fe39a30c98 Revert "Retire openstack-ansible-security"
This reverts commit ea9b39d723.
In order to release stable/pike we need this to still be present.
https://review.openstack.org/#/c/502063/ is failing.

Once we release stable/pike we can figure out how to properly remove
this repository.

Change-Id: I50308b1c3001371d4554b6c2640bd5384e870a53
2017-09-13 10:34:55 -06:00


---
id: V-38577
status: implemented
tag: auth
---

The STIG requires SHA512 to be used for hashing passwords since it is in the list of FIPS 140-2 approved hashing algorithms. This is also the default in Ubuntu 14.04, Ubuntu 16.04, and CentOS 7.

The libuser package isn't installed by default in Ubuntu or via openstack-ansible. The Ansible tasks will do the following:

  • Check to see if libuser is installed
  • If libuser is installed, check for the password hashing algorithm in /etc/libuser.conf
  • If libuser is installed and the password hashing algorithm isn't SHA512, print an error and fail the playbook
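
The same check can be run by hand when auditing a host. The script below is an added example, not the role's own Ansible tasks. It assumes the algorithm is set by the `crypt_style` key in the `[defaults]` section of the file, treats a missing file as "libuser not installed", and counts an unset key as a failure; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the libuser password hashing setting.

# Print the crypt_style value from the [defaults] section (empty if unset).
# If the key is repeated, this example reports the last assignment.
libuser_crypt_style() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        /^[ \t]*\[/ {                             # section header
            section = $0
            gsub(/[ \t]/, "", section)
            next
        }
        section == "[defaults]" && /^[ \t]*crypt_style[ \t]*=/ {
            value = $0
            sub(/^[^=]*=[ \t]*/, "", value)       # drop "crypt_style ="
            sub(/[ \t]+$/, "", value)             # drop trailing blanks
            style = tolower(value)                # compare case-insensitively
        }
        END { print style }
    ' "$1"
}

# Return 0 if SHA512 is configured, 1 if another or no algorithm is set,
# 2 if the file is absent (assumed here to mean libuser is not installed).
check_libuser_hashing() {
    conf=${1:-/etc/libuser.conf}
    if [ ! -f "$conf" ]; then
        echo "SKIP: $conf not found, nothing to check"
        return 2
    fi
    style=$(libuser_crypt_style "$conf")
    if [ "$style" = "sha512" ]; then
        echo "PASS: crypt_style is sha512 in $conf"
        return 0
    fi
    echo "FAIL: crypt_style is '${style:-unset}' in $conf, expected sha512" >&2
    return 1
}
# Usage: check_libuser_hashing /etc/libuser.conf
```
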

Further reading: