On Wed, Mar 11, 2020 at 2:12 PM Brian Bouterse <bmbou...@redhat.com> wrote:
> tl;dr: What we have today cannot work with rhsm certificates which Katello > uses. To resolve, we need to have content guard checking moved to the > webserver configs for apache and nginx and not done in pulp-content as it > is today. https://pulp.plan.io/issues/6323 > > We need to bring the auth to where TLS is terminated because we can't > being the client certs to pulp-content due to invalid header characters. As > is, pulp-certguard cannot work with Katello's cert types (rhsm certs) so > that is driving my changes. > > If anyone has major concerns or other ideas please let me know. In the > meantime I'm proceeding moving the authorization to the webserver and then > updating pulp-certguard to work with that. This will make pulp-certguard's > GA tied to pulpcore 3.3.0. Feedback is welcome. > What will this mean from a runtime perspective? Or rather, what within the webserver layer will be handling this auth? > > [0]: https://pulp.plan.io/issues/6323 > > Thanks, > Brian > > _______________________________________________ > Pulp-dev mailing list > Pulp-dev@redhat.com > https://www.redhat.com/mailman/listinfo/pulp-dev > -- Eric Helms Principal Software Engineer Satellite and Cloud Services
_______________________________________________ Pulp-dev mailing list Pulp-dev@redhat.com https://www.redhat.com/mailman/listinfo/pulp-dev
