Bug 2226705

Summary: [RFE] Add a warning about using BASIC auth in insights-client.conf
Product: Red Hat Enterprise Linux 8 Reporter: Pino Toscano <ptoscano>
Component: insights-clientAssignee: CSI Client Tools Bugs <csi-client-tools-bugs>
Status: NEW --- QA Contact: CSI Client Tools Bugs <csi-client-tools-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: ---CC: cmarinea, csi-client-tools-bugs, fjansen, stomsa
Target Milestone: rcKeywords: EasyFix, FutureFeature, Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: 2188004 Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2188004    
Bug Blocks:    

Description Pino Toscano 2023-07-26 09:09:28 UTC 
+++ This bug was initially created as a clone of Bug #2188004 +++

Description of problem:
Overall we are documenting "basic" authentication as an alternative to the "cert" method, however when using basic authentication the username and password remain in plain text.

The goal of this RFE is not to provide encryption, but to add a Warning in the configuration file to encourage customer to stick with "authmethod=BASIC"

Version-Release number of selected component (if applicable):
Focus on RHEL9 and RHEL8

Actual text in insights-client.conf:
~~~
# Change authentication method, valid options BASIC, CERT. Default BASIC
#authmethod=BASIC

# username to use when authmethod is BASIC
#username=

# password to use when authmethod is BASIC
#password=
~~~


Proposed text in insights-client.conf:
~~~
# Change authentication method, valid options BASIC, CERT.
# The recommended and default method is CERT.
# Changing to BASIC is less secure and not recommended as the username and password will be stored in plain text in the configuration file.
#authmethod=BASIC

# username to use when authmethod is BASIC
#username=

# password to use when authmethod is BASIC
#password=
~~~


Additional info: