Bug 1386266 – [RFE] krb5 support for remote execution job invocations

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1386266 - [RFE] krb5 support for remote execution job invocations

Summary:	[RFE] krb5 support for remote execution job invocations

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Satellite 6
Classification:	Red Hat
Component:	Remote Execution (Show other bugs)
Sub Component:
Version:	6.1.9
Hardware:	x86_64 Linux

Priority	high Severity high (vote)
Target Milestone:	GA
Target Release:	Unused
Assigned To:	Adam Ruzicka
QA Contact:	Peter Ondrejka
Docs Contact:	satellite6-bugs

URL:
Whiteboard:
Keywords:	FieldEngineering, FutureFeature, PrioBumpGSS, PrioBumpPM, Triaged

Duplicates:	1317004 (view as bug list)
Depends On:
Blocks:	1316897 1479962 1386262
	Show dependency tree / graph

Reported:	2016-10-18 09:57 EDT by Daniel Lobato Garcia
Modified:	2018-08-31 11 EDT (History)
CC List:	18 users (show)

See Also:
Fixed In Version:	tfm-rubygem-foreman_remote_execution_core-1.0.5
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Clones:	1541481 (view as bug list)
Environment:
Last Closed:	2018-02-21 07:36:49 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Foreman Issue Tracker	11936	None	None	None	2016-10-18 09:57 EDT
Red Hat Product Errata	RHSA-2018:0336	normal	SHIPPED_LIVE	Important: Satellite 6.3 security, bug fix, and enhancement update	2018-02-21 17:43:42 EST

Groups: None (edit)

Description Daniel Lobato Garcia 2016-10-18 09:57:19 EDT

Description of problem:

Client needs to be able to use kerberos tokens generated via keytab to invoke jobs in remote machines instead of RSA keys. 

The tokens are generated per template or job invocation, they should not be global.

Expected results:

The SSH connection would use a krb5 token instead of an RSA key.

Comment 10 pm-sat@redhat.com 2017-05-25 06:11:54 EDT

Upstream bug assigned to aruzicka@redhat.com

Comment 11 pm-sat@redhat.com 2017-05-25 06:11:59 EDT

Upstream bug assigned to aruzicka@redhat.com

Comment 12 Bryan Kearney 2017-06-08 14:57:42 EDT

Removing 6.2.z since I do not believe we will deliver it in that timeframe.

Comment 13 pm-sat@redhat.com 2017-07-10 08:11:33 EDT

Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/11936 has been resolved.

Comment 21 Adam Ruzicka 2017-08-29 02:42:11 EDT

*** Bug 1317004 has been marked as a duplicate of this bug. ***

Comment 22 Ivan Necas 2017-08-30 08:44:10 EDT

Waiting for packaging and installer changes upstream

Comment 23 Adam Ruzicka 2017-08-30 09:01:42 EDT

RPM packaging PR: https://github.com/theforeman/foreman-packaging/pull/1665
installer changes PR: https://github.com/theforeman/puppet-foreman_proxy/pull/351

Comment 34 Pat Riehecky 2018-01-05 15:35:43 EST

There doesn't appear to documentation on how to activate this feature upstream.

Comment 44 errata-xmlrpc 2018-02-21 07:36:49 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336

Note You need to log in before you can comment on or make changes to this bug.