[Bug 833994] Re: debian-installer does not support https when using with preseed files
Colin Watson
cjwatson at canonical.com
Mon Feb 10 16:44:21 UTC 2014
** Also affects: kickseed (Ubuntu)
Importance: Undecided
Status: New
** Changed in: kickseed (Ubuntu)
Status: New => Triaged
** Changed in: kickseed (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to kickseed in Ubuntu.
https://bugs.launchpad.net/bugs/833994
Title:
debian-installer does not support https when using with preseed files
Status in “cobbler-enlist” package in Ubuntu:
Triaged
Status in “debian-installer” package in Ubuntu:
Triaged
Status in “debian-installer-utils” package in Ubuntu:
Triaged
Status in “kickseed” package in Ubuntu:
Triaged
Bug description:
Hi
As part of a PCI Compliance process we need to ensure that
confidential information is passed in a secure way. Currently one can
pxeboot machines and the root password travels encrypted with MD5
which nowadays is breakable and it is not part of the PCI
Recommendations as follow below:
"Render all passwords unreadable during transmission and storage on
all system components using strong cryptography (defined in PCI DSS
Glossary of Terms, Abbreviations, and Acronyms)" -
https://www.trustwave.com/steps_pci_info.php?step=8 where md5 is not a
part of the examples of the strong cryptography's described in the
above document.
Everything else works in the pxeboot, eg getting the kernel and initrd
through https but the preseed file fails to get downloaded as in the
example below.
By appending the following in the pxelinux configuration:
-- preseed/url=https://host/path/presee.cfg
Linux version: Ubuntu LTS 10.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cobbler-enlist/+bug/833994/+subscriptions
More information about the foundations-bugs
mailing list