Wrong password generation #155

Open
razvanphp opened this issue Jan 21, 2024 · 0 comments
Labels
bug Something isn't working

@razvanphp

Describe the bug
After I installed the chart, with no password set, the generated one + sha2 seems to be wrong.

I got those values:

graylog-password-secret: oLGXJGuHZevgQMeV
graylog-password-sha2: e075335e93a518f65b6683423b585a750914c5b9883aee893568b00bafb8ad5f
admin: graylog-root-username

But still, I cannot log in with this password. The password and the hash do not match:

# kubectl get secret --namespace graylog graylog -o "jsonpath={.data['graylog-password-secret']}" | base64 --decode
oLGXJGuHZevgQMeV
graylog@graylog-0:~$ echo $GRAYLOG_PASSWORD_SECRET
oLGXJGuHZevgQMeV
graylog@graylog-0:~$ echo $GRAYLOG_PASSWORD_SECRET |sha256sum 
4943ddccf4307252235b9ed281c37fe0c5a1d621a521dbfdf26308e7411aeecb  -
graylog@graylog-0:~$ env |grep SHA
GRAYLOG_ROOT_PASSWORD_SHA2=e075335e93a518f65b6683423b585a750914c5b9883aee893568b00bafb8ad5f
graylog@graylog-0:~$ 

Also, I think it's a misunderstanding: the secret is not the password itself, it's just a value to protect the login cookie. The real password should be encrypted with sha256. Here is the official response on the Graylog community:

I think maybe your steps are out of order.

1. Generate a password secret
   pwgen -N 1 -s 96
2. Place that secret in the configuration for password_secret (GRAYLOG_PASSWORD_SECRET)
3. Pick an admin password. (e.g. hunter2)
4. Hash that password using the command
   echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
5. Place the password hash (from step 4) in the configuration for root_password_sha2 (GRAYLOG_ROOT_PASSWORD_SHA2)
6. Log in with username admin and the non-hashed password (from step 3)

After changing the password hashes in the config manually, login works.

Version of Helm and Kubernetes:

Helm Version: v3.12.1
Kubernetes Version: 1.26.6+k3s-e18037a7-dirty

Which version of the chart:
2.3.4

What happened:
No idea 🙂

What you expected to happen:
Login works with password automatic generation.

How to reproduce it (as minimally and precisely as possible):
Just install the chart with no password specified in the values.yaml and try to log in.

@razvanphp razvanphp added the bug Something isn't working label Jan 21, 2024
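
An added example, not part of the original issue or of the chart's code: a shell check that reports whether a configured root_password_sha2 value is the SHA-256 of a given string, and whether a mismatch comes only from the trailing newline that `echo` appends before `sha256sum`. The function names `sha256_hex` and `classify_pair` are hypothetical; the secret and hash are the values reported in the issue, and `hunter2` is the sample password from the quoted steps.

```shell
#!/bin/sh
# Added example: verify a password / root_password_sha2 pair the way the
# quoted steps hash it (exact bytes of the password, no trailing newline).

# Print the SHA-256 hex digest of the exact bytes of $1.
sha256_hex() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Compare candidate string $1 against configured hash $2 and print:
#   match               hash is SHA-256 of the candidate as typed
#   match-with-newline  hash only matches if a newline was hashed too
#   mismatch            hash was not derived from this candidate
classify_pair() {
    candidate=$1
    expected=$2
    with_newline=$(printf '%s\n' "$candidate" | sha256sum | cut -d' ' -f1)
    if [ "$(sha256_hex "$candidate")" = "$expected" ]; then
        echo "match"
    elif [ "$with_newline" = "$expected" ]; then
        echo "match-with-newline"
    else
        echo "mismatch"
    fi
}

# Values reported in the issue: the cookie secret and the configured hash.
secret='oLGXJGuHZevgQMeV'
configured='e075335e93a518f65b6683423b585a750914c5b9883aee893568b00bafb8ad5f'
echo "secret vs configured hash: $(classify_pair "$secret" "$configured")"

# Constructed pair following the quoted steps: choose a password, hash it,
# and place the hash (never the password) in GRAYLOG_ROOT_PASSWORD_SHA2.
password='hunter2'
password_hash=$(sha256_hex "$password")
echo "GRAYLOG_ROOT_PASSWORD_SHA2=$password_hash"
echo "password vs its own hash: $(classify_pair "$password" "$password_hash")"
```

A result of `match-with-newline` means the hash was produced with a plain `echo` pipeline, so the login form, which submits the password without a newline, will reject it.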