Bug 682206 - [RFE] Kickstart Protection
[RFE] Kickstart Protection
Product: Spacewalk
Classification: Community
Component: Server (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Jan Pazdziora
Red Hat Satellite QA List
: FutureFeature
Depends On:
Blocks: spacewalk-rfe
  Show dependency treegraph
Reported: 2011-03-04 07:53 EST by Frederic Hornain
Modified: 2011-09-16 06:11 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2011-09-16 06:11:07 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Frederic Hornain 2011-03-04 07:53:08 EST
Description of problem:
When I create Kickstarts, there are readable via http from everyone who have access to the Red Hat Satellite/Spacewalk Server. So in consequence, e.g. the root hash password is available for everyone, the base configuration as well.
OK, as soon as the installation is done I should change the root password but image that I forget.
AFAIK, there is not protection for that yet.
If there is then sorry for that.

OK, we could setup some security rules via iptables or maybe tcp wrapper but I should have to do modification in the configuration files inside the server.
Well, I am not convinced it will be the best way.
So if that demand could be considered for the next release of RHNS, it would be great.

Frederic ;)
Comment 1 Jan Pazdziora 2011-03-04 11:03:02 EST
Can you clarify the proposed behaviour? How exactly do you plan to be able to kickstart any machine in your network and at the same time restrict access to the kickstart files?
Comment 2 Jan Pazdziora 2011-07-20 07:50:37 EDT
Aligning under space16.
Comment 3 Jan Pazdziora 2011-09-16 06:11:07 EDT
We don't have a clear requirement/specification -- closing now.

Note You need to log in before you can comment on or make changes to this bug.