[Spacewalk-list] server hw dimensioning and usage questions
Jan Hutař
jhutar at redhat.com
Tue Aug 28 11:06:10 UTC 2012
On Tue, 28 Aug 2012 11:12:59 +0200 "Mgr. Peter Hudec"
<peter.hudec at cnc.sk> wrote:
> >> 5) client side certificates
> >> as the clients are mobile do the spacewalk have possibility
> >> to verify the connection based on client ssl certificate? I
> >> did not found any configuration directive on 'rhnsd' or
> >> 'osad'.
> >
> > Not sure what you mean here - which client side certificates?
> > rhn_check uses config in /etc/sysconfig/rhn/up2date - there
> > you should have serverURL=https://... Services 'rhnsd' and
> > 'osad' uses rhn_check to actually get and perform the action.
> I ment SSL based authentication using the clients certificates.
> You can find it on web based solutions, there the client have
> imported clients certificates into the browser /or token/ and
> the web server request the AAA based on this certificate. In
> apache configuration is you can find directives
> --- cut ---
> SSLVerifyClient require
> SSLVerifyDepth 10
> SSLCACertificateFile <path too CA CERT>
> --- cut ---
> In our case each device will be authenticated by its
> certificate. In case the of stolen device, we just revoke the
> certificate. But I as did small engineering, there isn't
> configuration option for rhnsd/osad/rhn_check to set the
> client certificate.
>
> Of course there will applied another security policies such as
> FDE, home/swap encryption, ....
I do not think we support this and I'm also not sure why you
need it - what are you trying to achieve?
Regards,
Jan
--
Jan Hutar Systems Management QA
jhutar at redhat.com Red Hat, Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20120828/68500e39/attachment.sig>
More information about the Spacewalk-list
mailing list