Encryption2

[lzap]

So I am adding support for plain text passwords encryption (please note this is encryption for passwords we need to keep - obscurity not security).

1. There is a new utility called katello-passwd (see man page or help option) to encrypt a password.

2. It starts with $1$ (1 is for version 1) and it can only be used for database-password setting (we do not have any plaintext passwords in Katello yet)

3. Katello can also read unencrypted passwords from this field (if it does not start with $1$)

4. I will raise a RFE against Candlepin to do the same for database password. Pulp is fine (no passwords there).

5. I modified katello-configure to use the function to encrypt database password during installation

More on the demo.

[lzap]

Raised RFE for Candlepin: https://bugzilla.redhat.com/show_bug.cgi?id=816935
Pulp has no plaintext passwords currently.

[lzap]

In future we might want to store passphrase in a file setting a strict SELinux policy to it, but since multiple processes (e.g. unconfined tomcat) from different policies would need to access it, I'd recommend to stick with this approach.

[iNecas]

What if the pain password begins with $1$? Not very probable but one never knows.

[lzap]

@iNecas If plain password begins with $1$ it will work too. ;-)

[jsomara]

This pull request needs to be rebased (This pull request cannot be automatically merged.)

[lzap]

Before I will rebase it again (third time), let's give me GOs!

[iNecas]

It's working indeed. GO from me. Lets do the final rebase.

[lzap]

Closing for now, I want to rebase and also add passphase file.