Re: knock knock?

Stephen John Smoogen wrote:
DHCP would also be an issue, correct?


funcd0 -> landshark mitm -> certmaster  knock, knock, certmaster

The previous conversation we've had pretty much revolves around this axiom:

"Bare metal provisioning requires that the trust begin somewhere".

That somewhere is the provisioning server.

In the above scenario, you have a box capable of mucking with DNS. So, it wouldn't have to MITM the func server -- it could also MITM the kickstart server, which is much easier ... and from there, it can install whatever packages it wants, and install anything in post that it wants.

If the above is a concern, you distribute certs without using certmaster, and you also don't ever use any kind of bare metal provisioning (PXE). However, for sites that want this sort of thing (datacenters, universities, etc) MITM'ing the provisioning server is almost never a problem anyone worries about. Mainly because they have to trust it (and the network) at some level to achieve automation.

Anyhow, manual distribution is still available if needed.

--Michael
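The distinction Michael draws above, between trusting whatever the provisioning network hands out and distributing the trust anchor by hand, as an added Python example that is not part of this thread or of certmaster/func itself. The byte strings standing in for DER-encoded CA certificates, the trust-store dictionary and the function names are all constructed for the illustration; only the hashing and constant-time comparison are real.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded CA certificates. Neither is real X.509 data;
# they only need to differ so that the two bootstrap strategies can be compared.
GENUINE_CA_DER = b"-- constructed: genuine certmaster CA (not a real certificate) --"
ROGUE_CA_DER = b"-- constructed: CA minted by a box sitting between client and certmaster --"


def fingerprint(der_bytes: bytes) -> str:
    """SHA-256 fingerprint of a DER blob, hex encoded: the value an admin would
    read off the certmaster host and carry to the client by hand."""
    return hashlib.sha256(der_bytes).hexdigest()


def tofu_accept(presented_der: bytes, trust_store: dict) -> bool:
    """Trust-on-first-use: the first CA seen on the wire becomes the anchor.
    An empty store accepts anything, so a substituted CA is indistinguishable
    from the genuine one at the moment it matters."""
    if "certmaster_ca" not in trust_store:
        trust_store["certmaster_ca"] = fingerprint(presented_der)
        return True
    return hmac.compare_digest(trust_store["certmaster_ca"], fingerprint(presented_der))


def pinned_accept(presented_der: bytes, pinned_fingerprint: str) -> bool:
    """Manual distribution: the fingerprint reached the client out of band,
    so the presented CA can be checked before anything is trusted."""
    return hmac.compare_digest(fingerprint(presented_der), pinned_fingerprint)


def bootstrap_outcomes() -> dict:
    """Run both strategies against a network where the CA has been swapped."""
    pin = fingerprint(GENUINE_CA_DER)  # obtained out of band, before the box is on the network
    tofu_store: dict = {}
    return {
        "tofu_accepts_rogue": tofu_accept(ROGUE_CA_DER, tofu_store),      # True: substitution goes unnoticed
        "tofu_trusts_rogue_anchor": tofu_store["certmaster_ca"] == fingerprint(ROGUE_CA_DER),
        "pinned_accepts_genuine": pinned_accept(GENUINE_CA_DER, pin),     # True
        "pinned_accepts_rogue": pinned_accept(ROGUE_CA_DER, pin),         # False: substitution detected
    }


if __name__ == "__main__":
    for name, result in bootstrap_outcomes().items():
        print(f"{name}: {result}")
```

The pinned check only helps if the fingerprint itself did not travel over the same network it is meant to protect: a pin embedded in a kickstart file that was fetched over PXE from the same box that could be MITM'd is no pin at all, which is exactly the "trust has to begin somewhere" point in the message.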

