[Pulp-list] Help setting permissions on roles

Lutchy Horace (Mailing List) mailinglist.subscriptions at lhprojects.net
Sun May 1 16:46:16 UTC 2016

On Sun, 1 May 2016 09:53:29 -0400
"Lutchy Horace (Mailing List)"
<mailinglist.subscriptions at lhprojects.net> wrote:

> I don't mind registering clients with the admin user. However, I do
> have a concern. Do consumers need the admin password to update from
> repository? Assuming that admin password is no where stored on the
> consumer machines? And lastly, assuming the consume machine has been
> compromise, is the Pulp server at risk from pulp-consumer?

It appears that a certificate is stored on the consumer machine:

/Once a consumer is registered, a certificate is written into its PKI: 

This certificate will automatically suffice for authentication against
the server’s API for all future operations until the consumer is

This is a bit troublesome as I am unfamiliar of the security
implications of pulp-consumer. I looked over 'pulp-consumer' command
options and it appears that is not much it can do. Although I wonder if
a malicious user on a compromise machine can use the the client
certificate to conduct malicious activities via REST API?


Lutchy Horace
Owner/Operator/Administrator [http://www.lhprojects.net]
Owner/Operator/Administrator [http://www.bombshellz.net]
Owner/Operator/Administrator [http://www.animehouse.club]
About Me [http://about.me/lhprojects]

More information about the Pulp-list mailing list