Prompt for LUKS passphrase during Kickstart on RHEL 7.4

Comments 3

I've read some documentation (from RHEL 6 and 7) that seems to indicate one can omit the --passphrase option on a part line like:

part pv.sata --fstype="lvmpv" --size=304220 --ondisk=sda --encrypted

My understanding was this would cause Anaconda to prompt for an encryption passphrase during a Kickstart-automated install, removing the need to include a plaintext passphrase in the Kickstart file.

I've tried omitting --passphrase entirely and including it but leaving it empty and in both cases Anaconda failed because the passphrase was not provided. Is there some way to get the desired behaviour in RHEL 7.4?

Started 2017-09-03T07:12:29+00:00 by

Dan Snider

Newbie 16 points

Responses

DV Newbie 12 points

16 January 2018 4:06 PM

Derek Verbeeck

I am running into the same issue. I don't really want to hardcode a password since they need to be set on a per-system basis.

Newbie 16 points

16 January 2018 4:34 PM

Dan Snider

A bug report describing this issue has been open on the Red Hat Bugzilla since March of 2017 without any substantive progress.

DV Newbie 12 points

16 January 2018 4:44 PM

Derek Verbeeck

I've just opened a Premium Severity 1 Ticket with RHN... They are trying to lower the severity on me, but I think this is a HUGE issue. Their workaround is to HARDCODE the password in the kickstart.... That's a serious security violation.

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

Prompt for LUKS passphrase during Kickstart on RHEL 7.4

Responses