Bug 2188004

Summary: [RFE] Add a warning about using BASIC auth in insights-client.conf
Product: Red Hat Enterprise Linux 9
Reporter: Christian Marineau <cmarinea>
Component: insights-client
Assignee: CSI Client Tools Bugs <csi-client-tools-bugs>
Status: NEW
QA Contact: CSI Client Tools Bugs <csi-client-tools-bugs>
Severity: medium
Priority: unspecified
Version: 9.3
CC: cmarinea, fjansen, stomsa
Target Milestone: rc
Keywords: EasyFix, FutureFeature, Triaged
Hardware: All
OS: Linux
Doc Type: If docs needed, set a value
Clone Of:
: 2226705
Type: Bug
Bug Blocks: 2226705

Description Christian Marineau 2023-04-19 12:49:33 UTC
Description of problem:
Overall we are documenting "basic" authentication as an alternative to the "cert" method; however, when using basic authentication, the username and password remain in plain text.

The goal of this RFE is not to provide encryption, but to add a Warning in the configuration file to encourage customers to stick with "authmethod=BASIC".

Version-Release number of selected component (if applicable):
Focus on RHEL9 and RHEL8

Actual text in insights-client.conf:
~~~
# Change authentication method, valid options BASIC, CERT. Default BASIC
#authmethod=BASIC

# username to use when authmethod is BASIC
#username=

# password to use when authmethod is BASIC
#password=
~~~


Proposed text in insights-client.conf:
~~~
# Change authentication method, valid options BASIC, CERT.
# The recommended and default method is CERT.
# Changing to BASIC is less secure and not recommended as the username and password will be stored in plain text in the configuration file.
#authmethod=BASIC

# username to use when authmethod is BASIC
#username=

# password to use when authmethod is BASIC
#password=
~~~


Additional info:
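
An audit check for the condition this RFE warns about, added here as an example (it is not part of the original report and is not insights-client code). It flags an insights-client.conf that explicitly enables BASIC auth or stores a username or password in plain text, and notes when such a file is readable beyond its owner. The function names, the `[insights-client]` section header in the samples and the sample values are assumptions constructed for illustration; the path to audit is supplied by the caller.

```python
import os
import stat

def audit_insights_conf(text, mode=None):
    """Return findings for insights-client.conf content; mode is the file's st_mode or None."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments (the shipped defaults are commented out) and section headers.
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip()
    findings = []
    if settings.get("authmethod", "").upper() == "BASIC":
        findings.append("authmethod is explicitly set to BASIC")
    for key in ("username", "password"):
        if settings.get(key):  # report the key only, never echo the secret value
            findings.append(f"{key} is stored in plain text")
    # A plain-text password is more exposed when non-owners can read the file.
    if mode is not None and settings.get("password") and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file with password is readable by group or others")
    return findings

def audit_path(path):
    """Audit a file on disk (hypothetical helper; path is chosen by the caller)."""
    with open(path, encoding="utf-8") as fh:
        return audit_insights_conf(fh.read(), os.stat(path).st_mode)

# Constructed samples: the commented-out defaults from the report, and a BASIC setup.
SAMPLE_DEFAULT = """[insights-client]
#authmethod=BASIC
#username=
#password=
"""
SAMPLE_BASIC = """[insights-client]
authmethod=BASIC
username=exampleuser
password=example-password
"""

if __name__ == "__main__":
    for name, sample in (("default", SAMPLE_DEFAULT), ("basic", SAMPLE_BASIC)):
        print(name, audit_insights_conf(sample, 0o100644))
```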