Story #164

closed

RFE: Add possibility to turn off user/pass authentication

Added by lzap@redhat.com about 9 years ago. Updated about 5 years ago.

Status: CLOSED - WONTFIX
Priority: Low
Assignee: -
Category: -
Sprint/Milestone: -
% Done: 0%
Groomed: No
Sprint Candidate: No
Tags: Pulp 2

Description

++ This bug was initially created as a clone of Bugzilla Bug #798219 ++

Description of problem:

Since Katello uses OAuth exclusively, we would recommend turning off user/pass authentication completely. An option for that would improve security. For now we are randomizing the admin password.

When implemented, please raise a new BZ to switch this option on in the Katello installer, thank you.

--- Additional comment from at 03/02/2012 21:18:32 ---

I don't think this falls under the jurisdiction of Pulp to provide as a feature.

By default, our user certificates last a week. So for the common usage (OAuth isn't really documented or pushed as an actual feature) it doesn't really make sense to ever disable user/pass authentication.

That's not to say it's not possible, but I think it's a post-install step that's up to the user to configure. It involves changing the httpd configuration to deny basic auth to Pulp. So a workaround exists, but it's done as post-install configuration by the user (or, in this case, as part of the Katello installation).

Keep in mind it's not something we've tested.

--- Additional comment from at 11/10/2014 15:37:18 ---

This is still desired by the katello team (per jsherrill).
