-
Story
-
Resolution: Obsolete
-
Major
-
None
-
None
+++ This bug was initially created as a clone of Bug #2188004 +++
Description of problem:
Overall we are documenting "basic" authentication as an alternative to the "cert" method, however when using basic authentication the username and password remain in plain text.
The goal of this RFE is not to provide encryption, but to add a Warning in the configuration file to encourage customer to stick with "authmethod=BASIC"
Version-Release number of selected component (if applicable):
Focus on RHEL9 and RHEL8
Actual text in insights-client.conf:
~~~
- Change authentication method, valid options BASIC, CERT. Default BASIC
#authmethod=BASIC
- username to use when authmethod is BASIC
#username=
- password to use when authmethod is BASIC
#password=
~~~
Proposed text in insights-client.conf:
~~~
- Change authentication method, valid options BASIC, CERT.
- The recommended and default method is CERT.
- Changing to BASIC is less secure and not recommended as the username and password will be stored in plain text in the configuration file.
#authmethod=BASIC
- username to use when authmethod is BASIC
#username=
- password to use when authmethod is BASIC
#password=
~~~
Additional info:
- external trackers