I am using Cobbler to provide Linux distributions to users in an
automated provisioning application.
The used FTP server will not allow anonymous access anymore. However,
afaik Cobbler requires that FTP
user/password are set in the kickstart file, the ks file is made
available via http and it
is transmitted unencrypted from the Cobbler server to the target system.
Therefore, anyone could look
at the user/password in the ks file. Are there any ways to improve
security here? I've thought
about temporary passwords, but I think this is not good enough, as the
vulnerability will still
be there, just for a shorter time.
I know the question may be out of Cobbler scope, but I hope other users
already faced the same problem.
Thanks in advance,
Alan Evangelista
_______________________________________________
cobbler mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/cobbler
