|
Configuration: Red Hat Enterprise Linux 7.7 system with FIPS mode enabled # openssl version OpenSSL 1.0.2k-fips 26 Jan 2017 ]# cat /proc/sys/crypto/fips_enabled 1 PostgreSQL and pgAdmin4 installed from the latest yum repositories rpm –import
https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG-12 yum install
https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm yum install postgresql12-server postgresql12-docs postgresql12-contrib pgadmin4 mod_ssl Issue: When I run the setup command: # /usr/pgadmin4/bin/pgadmin4-web-setup.sh I receive the following output: NOTE: Configuring authentication for SERVER mode. Enter the email address and password to use for the initial pgAdmin user account: Email address: Xxxxx.Xxxxxxxx@xxxxxxxx Password: Retype password: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/pgadmin4-web/setup.py", line 413, in <module> setup_db() File "/usr/lib/python2.7/site-packages/pgadmin4-web/setup.py", line 347, in setup_db app = create_app() File "/usr/lib/python2.7/site-packages/pgadmin4-web/pgadmin/__init__.py", line 330, in create_app db_upgrade(app) File "/usr/lib/python2.7/site-packages/pgadmin4-web/pgadmin/setup/db_upgrade.py", line 25, in db_upgrade flask_migrate.upgrade(migration_folder) File "/usr/lib/python2.7/site-packages/pgadmin4-web/flask_migrate/__init__.py", line 95, in wrapped f(*args, **kwargs) File "/usr/lib/python2.7/site-packages/pgadmin4-web/flask_migrate/__init__.py", line 280, in upgrade command.upgrade(config, revision, sql=sql, tag=tag) File "/usr/lib/python2.7/site-packages/pgadmin4-web/alembic/command.py", line 254, in upgrade script.run_env() File "/usr/lib/python2.7/site-packages/pgadmin4-web/alembic/script/base.py", line 425, in run_env util.load_python_file(self.dir, 'env.py') File "/usr/lib/python2.7/site-packages/pgadmin4-web/alembic/util/pyfiles.py", line 81, in load_python_file module = load_module_py(module_id, path) File "/usr/lib/python2.7/site-packages/pgadmin4-web/alembic/util/compat.py", line 141, in load_module_py mod = imp.load_source(module_id, path, fp) File "/usr/lib/python2.7/site-packages/pgadmin4-web/pgadmin/setup/../../migrations/env.py", line 94, in <module> run_migrations_online() File "/usr/lib/python2.7/site-packages/pgadmin4-web/pgadmin/setup/../../migrations/env.py", line 87, in run_migrations_online context.run_migrations() File "<string>", line 8, in run_migrations File "/usr/lib/python2.7/site-packages/pgadmin4-web/alembic/runtime/environment.py", line 836, in run_migrations self.get_context().run_migrations(**kw) File "/usr/lib/python2.7/site-packages/pgadmin4-web/alembic/runtime/migration.py", line 330, in run_migrations step.migration_fn(**kw) File "/usr/lib/python2.7/site-packages/pgadmin4-web/migrations/versions/fdc58d9bd449_.py", line 122, in upgrade Security(current_app, user_datastore, register_blueprint=False) File "/usr/lib/python2.7/site-packages/pgadmin4-web/flask_security/core.py", line 469, in __init__ self._state = self.init_app(app, datastore, **kwargs) File "/usr/lib/python2.7/site-packages/pgadmin4-web/flask_security/core.py", line 504, in init_app anonymous_user=anonymous_user) File "/usr/lib/python2.7/site-packages/pgadmin4-web/flask_security/core.py", line 332, in _get_state hashing_context=_get_hashing_context(app), File "/usr/lib/python2.7/site-packages/pgadmin4-web/flask_security/core.py", line 313, in _get_hashing_context deprecated=deprecated) File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/context.py", line 1401, in __init__ self.load(kwds) File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/context.py", line 1592, in load config = _CryptConfig(source) File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/context.py", line 634, in __init__ self._init_scheme_list(source.get((None,None,"schemes"))) File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/context.py", line 652, in _init_scheme_list handler = get_crypt_handler(elem) File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/registry.py", line 350, in get_crypt_handler mod = __import__(modname, fromlist=[modattr], level=0) File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/handlers/digests.py", line 72, in <module> hex_md5 = create_hex_hash("md5") File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/handlers/digests.py", line 55, in create_hex_hash info = lookup_hash(digest) File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/crypto/digest.py", line 298, in lookup_hash info = HashInfo(const, name_list) File "/usr/lib/python2.7/site-packages/pgadmin4-web/passlib/crypto/digest.py", line 403, in __init__ hash = const() ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips Error setting up server mode. Please examine the output above. Investigation: Issue appears to be related to a default of the prohibited hash algorithm md5. I have searched the web, read the FAQs and documentation without finding any definitive answers. After stepping through the python code with pdb, it appears something is trying to create an md5 hash for the default password. Questions:
Thank you, David A. Deaderick III Infrastructure Engineering IT Specialist
Capacity and Performance Engineering (005OP2D) VA OI&T Enterprise Program Management Office Office: (727) 502-1313 (Tue Wed Thu) Office: (941) 359-2010 (Mon Fri) Mobile: (727) 417-7593 |
