Bug 1386266 - [RFE] krb5 support for remote execution job invocations
Summary: [RFE] krb5 support for remote execution job invocations
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Remote Execution
Version: 6.1.9
Hardware: x86_64
OS: Linux
high vote
Target Milestone: Unspecified
Assignee: Adam Ruzicka
QA Contact: Peter Ondrejka
: 1317004 (view as bug list)
Depends On:
Blocks: 1316897 1386262 1479962
TreeView+ depends on / blocked
Reported: 2016-10-18 13:57 UTC by Daniel Lobato Garcia
Modified: 2022-03-13 14:07 UTC (History)
18 users (show)

Fixed In Version: tfm-rubygem-foreman_remote_execution_core-1.0.5
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1541481 (view as bug list)
Last Closed: 2018-02-21 12:36:49 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 11936 0 Normal Closed Support kerberized SSH as an alternative to keys 2021-01-07 02:21:56 UTC
Red Hat Issue Tracker SAT-4972 0 None None None 2021-09-09 12:02:36 UTC
Red Hat Product Errata RHSA-2018:0336 0 normal SHIPPED_LIVE Important: Satellite 6.3 security, bug fix, and enhancement update 2018-02-21 22:43:42 UTC

Description Daniel Lobato Garcia 2016-10-18 13:57:19 UTC
Description of problem:

Client needs to be able to use kerberos tokens generated via keytab to invoke jobs in remote machines instead of RSA keys. 

The tokens are generated per template or job invocation, they should not be global.

Expected results:

The SSH connection would use a krb5 token instead of an RSA key.

Comment 10 Satellite Program 2017-05-25 10:11:54 UTC
Upstream bug assigned to aruzicka

Comment 11 Satellite Program 2017-05-25 10:11:59 UTC
Upstream bug assigned to aruzicka

Comment 12 Bryan Kearney 2017-06-08 18:57:42 UTC
Removing 6.2.z since I do not believe we will deliver it in that timeframe.

Comment 13 Satellite Program 2017-07-10 12:11:33 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/11936 has been resolved.

Comment 21 Adam Ruzicka 2017-08-29 06:42:11 UTC
*** Bug 1317004 has been marked as a duplicate of this bug. ***

Comment 22 Ivan Necas 2017-08-30 12:44:10 UTC
Waiting for packaging and installer changes upstream

Comment 34 Pat Riehecky 2018-01-05 20:35:43 UTC
There doesn't appear to documentation on how to activate this feature upstream.

Comment 44 errata-xmlrpc 2018-02-21 12:36:49 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.