Bug 1198106 - [RFE] Use mod_auth_gssapi instead of mod_auth_kerb
Summary: [RFE] Use mod_auth_gssapi instead of mod_auth_kerb
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Installation
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-03-03 12:04 UTC by Jan Pazdziora
Modified: 2021-09-09 11:41 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-09-04 19:03:36 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker SAT-4945 0 None None None 2021-09-09 11:41:02 UTC

Description Jan Pazdziora 2015-03-03 12:04:10 UTC 
Description of problem:

Currently, with --foreman-ipa-authentication=true option to katello-installer to configure external authentication, mod_auth_kerb gets configured. One mod_auth_gssapi becomes available in the base OS, the installer should configure that instead.

Version-Release number of selected component (if applicable):

Satellite 6.0.x.

How reproducible:

Deterministic.

Steps to Reproduce:
1. Configure external authentication to get Kerberos SSO.
2. Note that it does not need to be against IdM/IPA if RFE in bug 1198103 gets addressed.

Actual results:

mod_auth_kerb is installed and configured.

Expected results:

mod_auth_gssapi is installed and configured.

Additional info:

The mod_auth_gssapi modules uses GSSAPI calls instead of low-level Kerberos calls, making it possible to for example use GSS-Proxy for complete privilege separation where the Apache HTTP server does not have access to the keytab, increasing security.
Comment 1 RHEL Program Management 2015-03-03 20:19:15 UTC 
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 8 Bryan Kearney 2018-09-04 18:54:01 UTC 
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in the product in the foreseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.
Comment 9 Bryan Kearney 2018-09-04 19:03:36 UTC 
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in the product in the foreseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.
Note You need to log in before you can comment on or make changes to this bug.