Steve Robson wrote:
Subject: Does Kickstart Support Secure HTTP (port 443)
From: dadembro@xxxxxxxxxxxxxxxxxxx
Date: Wed, 21 Nov 2007 09:23:29 -0500
I have been asked to disable port 80 for security reasons. I use it
to supply a kickstart file to other systems on the network for Red
Hat Enterprise Linux 4 (update 4). Trying to get the kickstart with
ks=https://ip_address/kickstart_filename.cfg fails.

How about trying http but on some alternate port? i.e.
ks=http://ip_address:port/kickstart_filename.cfg

Moving the port really doesn't make it "secure"... what are you trying
to restrict access to in the kickstart tree?
Perhaps there's some package/change that you could push out using a
config management system (or even something as simple as rsync) later?
Or (for limited applications), you could serve (part of) your kickstart
up by a CGI script based on the MAC address with 'kssendmac' on the
kernel command line. That's not really secure either as environment
variables can be forged, but it would allow for some limited access control.
It really depends on what the problem you are trying to solve is though,
any of those having ways to be solved other than kickstart over https://
with authentication. (And without authentication, there's not all that
much point to installs over https:// anyway).
--Michael
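
The CGI approach described in the reply above, sketched as an added example that is not part of the original thread or any poster's code. It assumes the installer's 'kssendmac' headers arrive in the CGI environment as HTTP_X_RHN_PROVISIONING_MAC_N with values of the form "eth0 01:23:45:67:89:ab"; the MAC addresses, profile names and profile bodies are constructed.

```python
import re

# Constructed allowlist: MAC address -> kickstart profile (hypothetical names).
ALLOWED = {
    "00:16:3e:aa:bb:01": "webserver.cfg",
    "00:16:3e:aa:bb:02": "dbserver.cfg",
}
# Constructed profile bodies; a real script would read files from one fixed directory.
PROFILES = {
    "webserver.cfg": "install\n%packages\nhttpd\n",
    "dbserver.cfg": "install\n%packages\npostgresql-server\n",
}
# Expected header value: "<interface> <mac>", e.g. "eth0 00:16:3e:aa:bb:01".
MAC_RE = re.compile(r"^[A-Za-z0-9]+ ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})$")


def client_macs(environ):
    """Collect well-formed MACs from the kssendmac headers as CGI exposes them."""
    macs = []
    for key, value in sorted(environ.items()):
        if key.startswith("HTTP_X_RHN_PROVISIONING_MAC_"):
            match = MAC_RE.match(value.strip())
            if match:  # malformed values are dropped, never used further
                macs.append(match.group(1).lower())
    return macs


def respond(environ):
    """Return (status, body). The header only selects an allowlist entry;
    it is never turned into a file path, so it cannot name arbitrary files."""
    for mac in client_macs(environ):
        profile = ALLOWED.get(mac)
        if profile:
            return "200 OK", PROFILES[profile]
    return "403 Forbidden", "no kickstart for this host\n"


if __name__ == "__main__":
    import os
    status, body = respond(os.environ)
    print(f"Status: {status}\nContent-Type: text/plain\n\n{body}", end="")
```
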