On Satellite, how can access to koan and kickstart profiles be restricted?

Solution Unverified - Updated -

Environment

  • Red Hat Satellite

Issue

*On Satellite, how can access to koan and kickstart profiles be restricted?

Resolution

  • There is no way to restrict access using koan or restrict access to the specific kickstart profile. You can only restrict access to specific clients by blocking port 80 and 443 . After which basic commands like yum will no longer work.

    There is no possible way to restrict access to kickstart profiles because the very nature of kickstarting is that you are starting from scratch and the process does not require direct human intervention. There are no saved credential stores, no opportunity for a user to type in a username / password, nothing that can possibly be used to grant access to one person and not another.

    The solution to this problem is to not put secret data into kickstart profiles. Instead put it in configuration files that will be delivered only to systems that you subscribe to the configuration channel.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.