Story #164
closed
RFE: Add possibility to turn off user/pass authentication
Description
++ This bug was initially created as a clone of Bugzilla Bug #798219 ++
Description of problem:
Since Katello uses OAuth exclusively, we would recommend turning off user/pass authentication completely. An option for that would improve security. For now we are randomizing the admin password.
When implemented, please raise a new BZ to switch this option on in the Katello installer, thank you.
--- Additional comment from jason.dobies@redhat.com at 03/02/2012 21:18:32 ---
I don't think this falls under the jurisdiction of Pulp to provide as a feature.
By default, our user certificates last a week. So for the common usage (OAuth isn't really documented or pushed as an actual feature) it doesn't really make sense to ever disable user/pass authentication.
That's not to say it's not possible, but I think it's a post-install step that's up to the user to configure. It involves changing the httpd configuration to deny basic auth to Pulp. So a workaround exists, but it's done as post-install configuration by the user (or, in this case, as part of the Katello installation).
Keep in mind it's not something we've tested.
--- Additional comment from cduryee@redhat.com at 11/10/2014 15:37:18 ---
This is still desired by the katello team (per jsherrill).
Updated by bmbouter almost 4 years ago
- Status changed from NEW to CLOSED - WONTFIX
Updated by bmbouter almost 4 years ago
Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.