Adding RFC for password limitations removal epic task #81
Conversation
There was a problem hiding this comment.
Thank you for your contribution to this topic.
AFAIK, yast is collecting data and saves it to a file named "setup_env.sh". After this a shell script called ("/usr/lib/susemanager/bin/mgr-setup") that loads those properties [1] and setup everything.
I don't think it's possible to save that data in the database, since the creating is done during the setup. Changing this would mean refactoring most of the setup script.
It can be changed, but we would need to investigate what will break in the scripts.
For Suse Manager 5.0 we are developing a new tool to setup the containerized environment [2]. @cbosdo this is something in need to consider in this new code base.
Another option that we may explore in the future is to create some a dummy certificate to be able to start apache, and the have a simple webUI to collect all setupdata and bootstrap from in stages (first database, then we can save the configurations to there).
[1] https://github.com/uyuni-project/uyuni/blob/master/susemanager/bin/mgr-setup#L58
[2] https://github.com/uyuni-project/uyuni-tools
|
I don't think we need to move anything to database to properly handle passwords. It smells like a refactoring of the setup scripts which is now a collection of shell, python and perl scripts. Of course this can be done totally independently of the containerization of the server. |
|
As you can see from my request, a huge refactor is exactly what I propose. How do you suggest removing password limitations? |
|
I think one requirement is, that we need some passwords in clear text. Hashing them is not an option. |
|
@mcalmer can we enumerate which passwords we need in clear text and for which usage? |
|
any news on this? |
|
We have password to authenticate against the DB itself in rhn.conf . |
RFC for https://github.com/SUSE/spacewalk/issues/22066