Won't Fix
Assignee: infra
Reporter: Anton Marchukov
Priority: Medium
Created October 11, 2016 at 12:34 PM
Updated August 29, 2019 at 2:12 PM
Resolved February 15, 2019 at 2:13 PM
During the work of moving password parameters from foreman to internal
hiera, I noted that there are some users that still have their passwords
hashed by the MD5 algorithm.
MD5 has known crypto research that makes it no longer suitable for storing
passwords securely:
https://en.wikipedia.org/wiki/MD5#Security (and corresponding links).
While the hashes are stored in an internal repo, it is still shared and prone
to information leaks. We should ask all users to rehash their passwords
with SHA-512 and when it is done we can remove the MD5 exception
in site/ovirt_infra/manifests/user.pp so MD5 hashed passwords are no
longer accepted.
The current list of users left is available in the infra-hiera repo.
–
Anton Marchukov
Senior Software Engineer - RHEV CI - Red Hat
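
An added example, not part of the ticket or of the infra repository: a small audit that lists which users still need to rehash before the MD5 exception can be removed, by reading the crypt(3) scheme id of each stored hash (`$1$` is MD5-crypt, `$6$` is SHA-512-crypt). The hiera layout, the `ovirt_infra::users` key, the `password` field name and the sample users are assumptions constructed for illustration.

```python
import re

# Modular crypt format: $<id>$[rounds=<n>$]<salt>$<digest>
MCF = re.compile(
    r"\$(?P<id>[0-9a-z]+)\$(?:rounds=\d+\$)?"
    r"(?P<salt>[./0-9A-Za-z]{1,16})\$(?P<digest>[./0-9A-Za-z]+)")
# crypt id -> (scheme name, digest length in characters)
SCHEMES = {"1": ("md5-crypt", 22), "5": ("sha256-crypt", 43), "6": ("sha512-crypt", 86)}
REQUIRED = "sha512-crypt"
# Assumption: user names are mapping keys indented by exactly two spaces.
USER_KEY = re.compile(r"^ {2}(?P<user>[A-Za-z0-9_.-]+):\s*$")
PASSWORD = re.compile(r"^\s+password:\s*(?P<value>.*)$")

def classify(value):
    """Return 'ok', 'rehash:<scheme>', 'malformed:<scheme>' or 'unrecognized'."""
    m = MCF.fullmatch(value.strip().strip("'\""))
    if not m or m.group("id") not in SCHEMES:
        return "unrecognized"
    scheme, digest_len = SCHEMES[m.group("id")]
    if len(m.group("digest")) != digest_len:
        return f"malformed:{scheme}"  # truncated or hand-edited hash
    return "ok" if scheme == REQUIRED else f"rehash:{scheme}"

def audit(yaml_text):
    """Map each user to the verdict for their password field."""
    verdicts, user = {}, None
    for line in yaml_text.splitlines():
        key, field = USER_KEY.match(line), PASSWORD.match(line)
        if key:
            user = key.group("user")
        elif field and user:
            verdicts[user] = classify(field.group("value"))
    return verdicts

# Constructed sample: digests are filler characters, not real password hashes.
SAMPLE = """ovirt_infra::users:
  alice:
    password: '$6$rounds=5000$saltsalt${a}'
  bob:
    password: '$1$saltsalt${b}'
  carol:
    password: '$6$saltsalt${c}'
""".format(a="a" * 86, b="b" * 22, c="c" * 40)

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name}: {verdict}")
```

Any verdict other than `ok` blocks removal of the exception: `rehash:*` entries need a new SHA-512 hash from the user, and `malformed:*` entries would fail to authenticate regardless of scheme.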