Bug 798219

Summary: RFE: Add possibility to turn off user/pass authentication
Product: [Retired] Pulp
Reporter: Lukas Zapletal <lzap>
Component: user-experience
Assignee: pulp-bugs
Status: CLOSED UPSTREAM
QA Contact: Preethi Thomas <pthomas>
Severity: low
Priority: low
Version: unspecified
CC: cduryee, rbarlow, skarmark
Keywords: FutureFeature, Triaged
Hardware: Unspecified
OS: Unspecified
Doc Type: Enhancement
Last Closed: 2015-02-19 00:48:09 UTC

Description Lukas Zapletal 2012-02-28 11:20:59 UTC
Since Katello uses OAuth exclusively, we would recommend turning off user/pass authentication completely. An option for that would improve security. For now we are randomizing the admin password.

When implemented, please raise a new BZ to switch this option on in the Katello installer, thank you.

Comment 1 Jay Dobies 2012-03-02 21:18:32 UTC
I don't think this falls under the jurisdiction of Pulp to provide as a feature.

By default, our user certificates last a week. So for the common usage (OAuth isn't really documented or pushed as an actual feature) it doesn't really make sense to ever disable user/pass authentication.

That's not to say it's not possible, but I think it's a post-install step that's up to the user to configure. It involves changing the httpd configuration to deny basic auth to Pulp. So a workaround exists, but it's done as post-install configuration by the user (or, in this case, as part of the Katello installation).

Keep in mind it's not something we've tested.
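
The policy discussed above (refuse username/password credentials, leave OAuth and certificate requests alone), sketched as a WSGI middleware. This is an added example, not Pulp or Katello code and not the httpd change Comment 1 refers to; `DenyBasicAuth`, its `enabled` switch, `demo_app` and `status_for` are hypothetical names, and the credential strings in the test are constructed.

```python
# Added illustration; not Pulp or Katello code. All names are hypothetical.


class DenyBasicAuth:
    """WSGI middleware that refuses HTTP Basic (user/pass) credentials."""

    def __init__(self, app, enabled=True):
        self.app = app
        self.enabled = enabled  # hypothetical switch, e.g. set by an installer

    @staticmethod
    def scheme(environ):
        # Scheme names are case-insensitive, so "bAsIc" must match too.
        parts = environ.get("HTTP_AUTHORIZATION", "").split(None, 1)
        return parts[0].lower() if parts else ""

    def __call__(self, environ, start_response):
        if self.enabled and self.scheme(environ) == "basic":
            body = b"user/pass authentication is disabled\n"
            # 403 with no WWW-Authenticate header: the client is not
            # invited to retry with a different password.
            start_response("403 Forbidden", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        # OAuth headers, client certificates and anonymous requests pass
        # through to the application's own authentication checks.
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the protected application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def status_for(app, authorization=None):
    """Send one constructed request to a WSGI app and return its status."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    if authorization is not None:
        environ["HTTP_AUTHORIZATION"] = authorization
    seen = []
    list(app(environ, lambda status, headers: seen.append(status)))
    return seen[0]
```

Under Apache mod_wsgi the application only sees the `Authorization` header when `WSGIPassAuthorization On` is set, so a filter like this has no effect without it.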

Comment 2 Chris Duryee 2014-11-10 15:37:18 UTC
This is still desired by the Katello team (per jsherrill).

Comment 3 Brian Bouterse 2015-02-19 00:48:09 UTC
Moved to https://pulp.plan.io/issues/164