Red Hat Bugzilla – Bug 98617
loader doesn't send useful headers ie User-Agnet
Last modified: 2007-04-18 12:55:30 EDT
Description of problem: The loader, when requesting a kickstart via HTTP does not send any usefull information to the server. Can we at least get a User-Agent header? ftp.c line 453 from 9.0.93-0.20030703104410 Version-Release number of selected component (if applicable): anaconda-9.0-4 anaconda-9.0.93-0.20030703104410 Steps to Reproduce: 1. Set up an apache something to store headers sent by a client and/or tail -f the access.log 2. Boot a machine and instruct it to get a kickstart from your server 3. Notice the lack of any headers.
It isnt clear to me what one would need these headers for - do you have an example?
Basically, I need to be able to tell the difference between a real request for a kickstart (from anaconda) vs. somebody poked a web browser at the kickstart server. I'm using some mod_python + config files from administrators to kickstart machines. Due to security concerns I need to have a fairly good idea that the HTTP request is from anaconda. (Although I know that headers can be faked.) Ideally, this is used to trigger a time window so that in the %post the machine can retreave a secret encryption key. This is to prevent some one from poking the server with a web browser from a "trusted" machine and figuring out how to get the key themselves (because the poking would not trigger the time window).
I would recommend you instead have the machines boot with a small ks.cfg from CD or floppy, and in that ks.cfg in the %pre you use something like wget or python's urllib2 to pull the rest of the ks.cfg via an authenticated method, and use the %include ks directive. However I'll look into adding a user agent like anaconda <productname> <version> as well.
Does Anaconda support basic authentication? I'd think that specifiying name/pw from the boot menu would achieve the stated aim.
*** Bug 183650 has been marked as a duplicate of this bug. ***