Description of problem: Currently, with --foreman-ipa-authentication=true option to katello-installer to configure external authentication, mod_auth_kerb gets configured. One mod_auth_gssapi becomes available in the base OS, the installer should configure that instead. Version-Release number of selected component (if applicable): Satellite 6.0.x. How reproducible: Deterministic. Steps to Reproduce: 1. Configure external authentication to get Kerberos SSO. 2. Note that it does not need to be against IdM/IPA if RFE in bug 1198103 gets addressed. Actual results: mod_auth_kerb is installed and configured. Expected results: mod_auth_gssapi is installed and configured. Additional info: The mod_auth_gssapi modules uses GSSAPI calls instead of low-level Kerberos calls, making it possible to for example use GSS-Proxy for complete privilege separation where the Apache HTTP server does not have access to the keytab, increasing security.
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release.
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in the product in the foreseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.