Bug 1386262

Summary: [RFE] Support kerberized SSH as an alternative to keys
Product: Red Hat Satellite Reporter: Daniel Lobato Garcia <dlobatog>
Component: Remote ExecutionAssignee: Adam Ruzicka <aruzicka>
Status: CLOSED ERRATA QA Contact: Peter Ondrejka <pondrejk>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0.4CC: bbuckingham, bkearney, dcaplan, dlobatog, inecas, jcallaha, pcreech, riehecky
Target Milestone: UnspecifiedKeywords: FutureFeature, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
URL: http://projects.theforeman.org/issues/11936
Whiteboard:
Fixed In Version: tfm-rubygem-foreman_remote_execution_core-1.0.5 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-21 16:54:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1386266    
Bug Blocks:    

Description Daniel Lobato Garcia 2016-10-18 13:50:03 UTC 
It'd be relatively easy for the proxy to use the existing krb5 infrastructure (used by GSS-TSIG DNS updates and Realm) as an optional alternative to SSH keys.
Comment 1 Daniel Lobato Garcia 2016-10-18 13:50:07 UTC 
Created from redmine issue http://projects.theforeman.org/issues/11936
Comment 2 Ivan Necas 2017-04-21 06:56:20 UTC 
How does this BZ differ from https://bugzilla.redhat.com/show_bug.cgi?id=1386266 ?
Comment 3 Satellite Program 2017-05-25 10:15:03 UTC 
Upstream bug assigned to aruzicka
Comment 4 Satellite Program 2017-05-25 10:15:07 UTC 
Upstream bug assigned to aruzicka
Comment 5 Daniel Lobato Garcia 2017-05-26 15:01:35 UTC 
This BZ is about reusing the information we have (keytab for Realms (https://theforeman.org/manuals/1.15/index.html#4.3.8Realm) or GSS TSIG (https://theforeman.org/manuals/1.15/index.html#4.3.8Realm)) to run jobs on hosts in that realm. This BZ cannot be closed without closing https://bugzilla.redhat.com/show_bug.cgi?id=1386266 first, as you'd need first the ability to run jobs via tokens to be able to use the keytabs I mentioned.
Comment 6 Satellite Program 2017-07-10 12:14:45 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/11936 has been resolved.
Comment 9 Peter Ondrejka 2018-02-07 17:56:58 UTC 
Verified on Sat 6.3 snap 35 along with https://bugzilla.redhat.com/show_bug.cgi?id=1386266
Comment 10 Satellite Program 2018-02-21 16:54:17 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> 
> For information on the advisory, and where to find the updated files, follow the link below.
> 
> If the solution does not work for you, open a new bug report.
> 
> https://access.redhat.com/errata/RHSA-2018:0336