- Issued:
- 2017-07-27
- Updated:
- 2017-07-27
RHBA-2017:1818 - ovirt-engine-extension-aaa-jdbc bug fix and enhancement update for RHV 4.1.4
Synopsis
ovirt-engine-extension-aaa-jdbc bug fix and enhancement update for RHV 4.1.4
Type/Severity
Bug Fix Advisory None
Topic
An updated ovirt-engine-extension-aaa-jdbc package is now available.
Description
The ovirt-engine-extension-aaa-jdbc package provides ovirt-aaa-jdbc-tool, a tool used to create, view, and manage users and groups on the internal domain. The tool can also be used to reset the password of the internal administrative user (admin@internal), and to create additional local domains.
Changes to the ovirt-engine-extension-aaa-jdbc component:
- Previously, administrators had to enter an unencrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'. The password was then encrypted inside ovirt-aaa-jdbc-tool and stored in the database.
This update enables administrators to use the new --encrypted option to enter an already encrypted password when invoking 'ovirt-aaa-jdbc-tool user password-reset'.
However there are some caveats when providing encrypted passwords:
-
Entering an encrypted password means that password validity tests cannot be performed, so they are skipped and the password is accepted even if it does not comply with the password validation policy.
-
A password has to be encrypted using the same configured algorithm. To encrypt passwords, administrators can use the '/usr/share/ovirt-engine/bin/ovirt-engine-crypto-tool.sh' tool, which provides the 'pbe-encode' command to encrypt passwords using the default PBKDF2WithHmacSHA1 algorithm. (BZ#1452668)
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2974891
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Virtualization | 4.1 | x86_64 |
Updated Packages
- ovirt-engine-extension-aaa-jdbc-1.1.6-1.el7ev.src.rpm
- ovirt-engine-extension-aaa-jdbc-1.1.6-1.el7ev.noarch.rpm
Fixes
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.