Description of problem:
With rhn-client-tools-0.4.8-1.el5.noarch going against webqa (as it sits at
11:00 on 29.1.2007) I'm able to register against webqa using a valid username
and any password I care to enter.
1) run rhn_register
2) at the Update Location screen, enter
"https://xmlrpc.rhn.webqa.redhat.com/XMLRPC" as the location and continue
3) enter a valid username and any password you like
Really shouldn't work.
Proposing as RHEL5 blocker, as otherwise this code might make it to the live
site. Need some sort of resolution prior to that.
may be related to bug 223515
1) ping xmlrpc.rhn.webqa.redhat.com
2) edit /etc/hosts with the following:
<ip address from above ping> xmlrpc.rhn.redhat.com
While this seems silly, it goes through the "hosted" code path which
is important to test versus the one mentioned in step 2 of original comment
3) Continue with Step 1 & 3 from Original Comment.
QA Verified -- can no longer login using an arbitrary password.