Satellite's container list should return a 401 page except through LCEs that are configured for unauthenticated access

Solution In Progress - Updated -

Issue

Satellite's container list shows result "{"repositories":[]}" when accessed over the URL "https://FQDN_or_IP/v2/_catalog" without authentication, but customer's security scanner reports that the correct result should be a 401 page.

Since Satellite allows lifecycle environments to be configured to allow access without authentication, it seems reasonable to request that the Satellite server return a 401 page except when accessing that URL on hosts that are registered to lifecycle environments that have been manually configured to allow unauthenticated access.

Environment

Satellite 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content