Does Kickstart Support Secure HTTP (port 443)

Michael DeHaan mdehaan at redhat.com
Wed Nov 28 16:44:06 UTC 2007


Steve Robson wrote:
>> Subject: Does Kickstart Support Secure HTTP (port 443)
>> From: dadembro at rockwellcollins.com
>> Date: Wed, 21 Nov 2007 09:23:29 -0500
>>
>> I have been asked to disable port 80 for security reasons.  I use it 
>> to supply a kickstart file to other systems on the network for Red 
>> Hat Enterprise Linux 4 (update 4).  Trying to get the kickstart with 
>> ks=https://ip_address/kickstart_filename.cfg fails.
>
> How about trying http but on some alternate port?  i.e.
> ks=http://ip_address:port/kickstart_filename.cfg
>

Moving the port really doesn't make it "secure"... what are you trying 
to restrict access to in the kickstart tree?

Perhaps there's some package/change that you could push out using a 
config management system (or even something as simple as rsync) later?

Or (for limited applications), you could serve (part of) your kickstart 
up by a CGI script based on the MAC address with 'kssendmac' on the 
kernel command line.  That's not really secure either as environment 
variables can be forged, but it would allow for some limited access control.

It really depends on what the problem you are trying to solve is though, 
any of those having ways to be solved other than kickstart over https:// 
with authentication.  (And without authentication, there's not all that 
much point to installs over https:// anyway).

--Michael
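
The MAC-keyed CGI approach mentioned in the reply above, as an added example that is not part of the original thread. It assumes the header format anaconda sends with `kssendmac` (`X-RHN-Provisioning-MAC-N: <iface> <mac>`), which a CGI server exposes as `HTTP_X_RHN_PROVISIONING_MAC_N`; the allowlist, MAC addresses and profile text are constructed.

```python
import re

# Constructed allowlist: MAC address -> kickstart text (hypothetical hosts).
# Keep secrets out of these profiles: the MAC header is client-supplied,
# so this selects a profile, it does not authenticate the requester.
PROFILES = {
    "00:16:3e:aa:bb:01": "# kickstart for web01 (constructed)\ninstall\n",
    "00:16:3e:aa:bb:02": "# kickstart for db01 (constructed)\ninstall\n",
}

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")


def macs_from_environ(environ):
    """Collect well-formed MACs from the kssendmac headers in a CGI environment."""
    macs = []
    for key in sorted(environ):
        if not key.startswith("HTTP_X_RHN_PROVISIONING_MAC_"):
            continue
        parts = environ[key].split()  # expected: "<iface> <mac>"
        if len(parts) == 2 and MAC_RE.match(parts[1].lower()):
            macs.append(parts[1].lower())
    return macs


def select_kickstart(environ):
    """Return (status, body); unknown, missing or malformed MACs get 403."""
    for mac in macs_from_environ(environ):
        if mac in PROFILES:
            return "200 OK", PROFILES[mac]
    return "403 Forbidden", "no kickstart for this host\n"


if __name__ == "__main__":
    import os
    status, body = select_kickstart(os.environ)
    print(f"Status: {status}\nContent-Type: text/plain\n\n{body}", end="")
```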





