Red Hat Bugzilla – Bug 98617
loader doesn't send useful headers ie User-Agnet
Last modified: 2007-04-18 12:55:30 EDT
Description of problem:
The loader, when requesting a kickstart via HTTP does not send any usefull
information to the server. Can we at least get a User-Agent header?
ftp.c line 453 from 9.0.93-0.20030703104410
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Set up an apache something to store headers sent by a client
and/or tail -f the access.log
2. Boot a machine and instruct it to get a kickstart from your server
3. Notice the lack of any headers.
It isnt clear to me what one would need these headers for - do you have an example?
Basically, I need to be able to tell the difference between a real request for a
kickstart (from anaconda) vs. somebody poked a web browser at the kickstart server.
I'm using some mod_python + config files from administrators to kickstart
machines. Due to security concerns I need to have a fairly good idea that the
HTTP request is from anaconda. (Although I know that headers can be faked.)
Ideally, this is used to trigger a time window so that in the %post the machine
can retreave a secret encryption key. This is to prevent some one from poking
the server with a web browser from a "trusted" machine and figuring out how to
get the key themselves (because the poking would not trigger the time window).
I would recommend you instead have the machines boot with a small ks.cfg from CD
or floppy, and in that ks.cfg in the %pre you use something like wget or
python's urllib2 to pull the rest of the ks.cfg via an authenticated method, and
use the %include ks directive.
However I'll look into adding a user agent like
anaconda <productname> <version>
Does Anaconda support basic authentication? I'd think that specifiying
name/pw from the boot menu would achieve the stated aim.
*** Bug 183650 has been marked as a duplicate of this bug. ***