Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixes #36325 - Support key-algorithm in omshell #871

Draft
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

ekohl
Copy link
Member

@ekohl ekohl commented Apr 24, 2023

EL 8.2 introduced support for specifying key-algorithm in omshell and Debian stable also supports this. If unspecified, it defaults to the insecure HMAC-MD5. Especially on FIPS (where MD5 is forbidden) this is problematic.

Currently a draft since I didn't test this yet.

EL 8.2 introduced support for specifying key-algorithm in omshell[1]
and Debian stable also supports this. If unspecified, it defaults to the
insecure HMAC-MD5. Especially on FIPS (where MD5 is forbidden) this is
problematic.

[1]: https://access.redhat.com/errata/RHBA-2021:1623
@@ -6,11 +6,12 @@ class IscOmapiProvider < ::Proxy::DHCP::Server
include Proxy::Util
attr_reader :omapi_port, :key_name, :key_secret

def initialize(server, omapi_port, subnets = nil, key_name = nil, key_secret = nil, service = nil, free_ips_service = nil)
def initialize(server, omapi_port, subnets = nil, key_name = nil, key_secret = nil, service = nil, free_ips_service = nil, key_algorithm = nil)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should really refactor this to keyword arguments, but I wanted to stay compatible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants