Bug 98617

Summary: loader doesn't send useful headers ie User-Agnet
Product: [Retired] Red Hat Linux Reporter: Jack Neely <jjneely>
Component: anacondaAssignee: Peter Jones <pjones>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 9CC: fche
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-06-02 15:21:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 150223    

Description Jack Neely 2003-07-05 03:03:19 UTC 
Description of problem:
The loader, when requesting a kickstart via HTTP does not send any usefull
information to the server.  Can we at least get a User-Agent header?

ftp.c line 453 from 9.0.93-0.20030703104410

Version-Release number of selected component (if applicable):
anaconda-9.0-4
anaconda-9.0.93-0.20030703104410

Steps to Reproduce:
1. Set up an apache something to store headers sent by a client
and/or tail -f the access.log
2. Boot a machine and instruct it to get a kickstart from your server
3. Notice the lack of any headers.
Comment 1 Michael Fulbright 2003-07-09 18:39:40 UTC 
It isnt clear to me what one would need these headers for - do you have an example?
Comment 2 Jack Neely 2003-07-09 19:19:41 UTC 
Basically, I need to be able to tell the difference between a real request for a
kickstart (from anaconda) vs. somebody poked a web browser at the kickstart server.

I'm using some mod_python + config files from administrators to kickstart
machines.  Due to security concerns I need to have a fairly good idea that the
HTTP request is from anaconda.  (Although I know that headers can be faked.) 
Ideally, this is used to trigger a time window so that in the %post the machine
can retreave a secret encryption key.  This is to prevent some one from poking
the server with a web browser from a "trusted" machine and figuring out how to
get the key themselves (because the poking would not trigger the time window).
Comment 3 Michael Fulbright 2003-07-11 15:52:59 UTC 
I would recommend you instead have the machines boot with a small ks.cfg from CD
or floppy, and in that ks.cfg in the %pre you use something like wget or
python's urllib2 to pull the rest of the ks.cfg via an authenticated method, and
use the %include ks directive.

However I'll look into adding a user agent like

anaconda <productname> <version>

as well.
Comment 4 Need Real Name 2004-11-16 09:21:33 UTC 
Does Anaconda support basic authentication? I'd think that specifiying
name/pw from the boot menu would achieve the stated aim.
Comment 6 Chris Lumens 2006-03-02 15:26:25 UTC 
*** Bug 183650 has been marked as a duplicate of this bug. ***