Bug 682206

Summary: [RFE] Kickstart Protection
Product: [Community] Spacewalk Reporter: Frederic Hornain <fhornain>
Component: ServerAssignee: Jan Pazdziora <jpazdziora>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 1.4CC: cperry, jpazdziora
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-16 10:11:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 737830    

Description Frederic Hornain 2011-03-04 12:53:08 UTC 
Description of problem:
When I create Kickstarts, there are readable via http from everyone who have access to the Red Hat Satellite/Spacewalk Server. So in consequence, e.g. the root hash password is available for everyone, the base configuration as well.
OK, as soon as the installation is done I should change the root password but image that I forget.
 
AFAIK, there is not protection for that yet.
If there is then sorry for that.

OK, we could setup some security rules via iptables or maybe tcp wrapper but I should have to do modification in the configuration files inside the server.
Well, I am not convinced it will be the best way.
 
So if that demand could be considered for the next release of RHNS, it would be great.

BR
Frederic ;)
Comment 1 Jan Pazdziora 2011-03-04 16:03:02 UTC 
Can you clarify the proposed behaviour? How exactly do you plan to be able to kickstart any machine in your network and at the same time restrict access to the kickstart files?
Comment 2 Jan Pazdziora 2011-07-20 11:50:37 UTC 
Aligning under space16.
Comment 3 Jan Pazdziora 2011-09-16 10:11:07 UTC 
We don't have a clear requirement/specification -- closing now.