Bug 98617 - loader doesn't send useful headers, i.e. User-Agent
Summary: loader doesn't send useful headers, i.e. User-Agent
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: anaconda
Version: 9
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Peter Jones
QA Contact:
URL:
Whiteboard:
Duplicates: 183650
Depends On:
Blocks: FC6Target
Reported: 2003-07-05 03:03 UTC by Jack Neely
Modified: 2007-04-18 16:55 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-06-02 15:21:55 UTC
Embargoed:



Description Jack Neely 2003-07-05 03:03:19 UTC
Description of problem:
The loader, when requesting a kickstart via HTTP, does not send any useful
information to the server.  Can we at least get a User-Agent header?

ftp.c line 453 from 9.0.93-0.20030703104410

Version-Release number of selected component (if applicable):
anaconda-9.0-4
anaconda-9.0.93-0.20030703104410

Steps to Reproduce:
1. Set up an apache something to store headers sent by a client
and/or tail -f the access.log
2. Boot a machine and instruct it to get a kickstart from your server
3. Notice the lack of any headers.

Comment 1 Michael Fulbright 2003-07-09 18:39:40 UTC
It isn't clear to me what one would need these headers for - do you have an example?

Comment 2 Jack Neely 2003-07-09 19:19:41 UTC
Basically, I need to be able to tell the difference between a real request for a
kickstart (from anaconda) vs. somebody poked a web browser at the kickstart server.

I'm using some mod_python + config files from administrators to kickstart
machines.  Due to security concerns I need to have a fairly good idea that the
HTTP request is from anaconda.  (Although I know that headers can be faked.) 
Ideally, this is used to trigger a time window so that in the %post the machine
can retrieve a secret encryption key.  This is to prevent someone from poking
the server with a web browser from a "trusted" machine and figuring out how to
get the key themselves (because the poking would not trigger the time window).



Comment 3 Michael Fulbright 2003-07-11 15:52:59 UTC
I would recommend you instead have the machines boot with a small ks.cfg from CD
or floppy, and in that ks.cfg in the %pre you use something like wget or
python's urllib2 to pull the rest of the ks.cfg via an authenticated method, and
use the %include ks directive.

However I'll look into adding a user agent like

anaconda <productname> <version>

as well.
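
The time-window scheme from Comment 2, sketched in Python as an added example (not part of the thread and not anaconda or the reporter's code). The class name, the 900-second window, keying on the client address, and the `anaconda ` User-Agent prefix (taken from the form proposed in Comment 3) are all assumptions.

```python
import time

WINDOW_SECONDS = 900     # assumed: how long %post has to collect the key
UA_PREFIX = "anaconda "  # assumed: the "anaconda <productname> <version>" form


def user_agent(headers):
    """HTTP header names are case-insensitive, so match on the lowered name."""
    return next((v for k, v in headers.items() if k.lower() == "user-agent"), "")


class KickstartGate:
    """Tracks which enrolled hosts fetched a kickstart recently enough to get a key."""

    def __init__(self, allowed_hosts, window=WINDOW_SECONDS, clock=time.time):
        self.allowed_hosts = set(allowed_hosts)  # hosts an administrator enrolled
        self.window = window
        self.clock = clock                       # injectable so the logic is testable
        self._opened = {}                        # client address -> time window opened

    def kickstart_requested(self, client_addr, headers):
        """Call from the kickstart handler. Returns True if a window was opened."""
        # The header is only a hint: any client can send it, so enrolment is
        # checked too. It filters out casual browser hits, nothing more.
        if client_addr not in self.allowed_hosts:
            return False
        if not user_agent(headers).startswith(UA_PREFIX):
            return False
        self._opened[client_addr] = self.clock()
        return True

    def release_key(self, client_addr):
        """Call from the key handler used in %post. One release per window."""
        opened = self._opened.pop(client_addr, None)  # pop makes the window single-use
        if opened is None:
            return False
        return self.clock() - opened <= self.window


if __name__ == "__main__":
    gate = KickstartGate({"10.0.0.5"})  # constructed sample host
    print(gate.kickstart_requested("10.0.0.5", {"User-Agent": "Mozilla/5.0"}))
    print(gate.kickstart_requested("10.0.0.5", {"User-Agent": "anaconda ExampleOS 1"}))
    print(gate.release_key("10.0.0.5"), gate.release_key("10.0.0.5"))
```

Because the window is consumed on first use, a second key request from the same address fails until another kickstart fetch reopens it.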



Comment 4 Need Real Name 2004-11-16 09:21:33 UTC
Does Anaconda support basic authentication? I'd think that specifying
name/pw from the boot menu would achieve the stated aim.

Comment 6 Chris Lumens 2006-03-02 15:26:25 UTC
*** Bug 183650 has been marked as a duplicate of this bug. ***

