Hello Alan,
What threat are you expecting? Even if you dont find a ftp server which
support anonymous user you could create a user with read only rights.
The content of the repositories is normaly public or do yo have any
speacial developement which are confidential?
regards
Mike
-----Original Message-----
From: cobbler-bounces(a)lists.fedorahosted.org
[mailto:cobbler-bounces@lists.fedorahosted.org] On Behalf Of Alan
Evangelista
Sent: Mittwoch, 4. September 2013 01:01
To: cobbler(a)lists.fedorahosted.org
Subject: [cobbler] FTP user/password in Cobbler
I am using Cobbler to provide Linux distributions to users in an
automated provisioning application.
The used FTP server will not allow anonymous access anymore. However,
afaik Cobbler requires that FTP user/password are set in the kickstart
file, the ks file is made available via http and it is transmitted
unencrypted from the Cobbler server to the target system.
Therefore, anyone could look
at the user/password in the ks file. Are there any ways to improve
security here? I've thought about temporary passwords, but I think this
is not good enough, as the vulnerability will still be there, just for a
shorter time.
I know the question may be out of Cobbler scope, but I hope other users
already faced the same problem.
Thanks in advance,
Alan Evangelista
_______________________________________________
cobbler mailing list
cobbler(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/cobbler
DISCLAIMER:
This electronic transmission (and any attachments thereto) is intended solely for the use
of the addressee(s). It may contain confidential or legally privileged information. If you
are not the intended recipient of this message, you must delete it immediately and notify
the sender. Any unauthorized use or disclosure of this message is strictly prohibited.
Faurecia does not guarantee the integrity of this transmission and shall therefore never
be liable if the message is altered or falsified nor for any virus, interception or damage
to your system.