mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
[PR #6366/1aa94a5a backport][stable-6] redhat_subscription: document the security of the registration (#6368)
redhat_subscription: document the security of the registration (#6366)
(cherry picked from commit 1aa94a5a1d
)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
This commit is contained in:
parent
f32a8dc740
commit
acfe464a31
1 changed files with 10 additions and 0 deletions
|
@ -19,6 +19,16 @@ description:
|
||||||
registering using D-Bus if possible.
|
registering using D-Bus if possible.
|
||||||
author: "Barnaby Court (@barnabycourt)"
|
author: "Barnaby Court (@barnabycourt)"
|
||||||
notes:
|
notes:
|
||||||
|
- |
|
||||||
|
The module tries to use the D-Bus C(rhsm) service (part of C(subscription-manager))
|
||||||
|
to register, starting from community.general 6.5.0: this is done so credentials
|
||||||
|
(username, password, activation keys) can be passed to C(rhsm) in a secure way.
|
||||||
|
C(subscription-manager) itself gets credentials only as arguments of command line
|
||||||
|
parameters, which is I(not) secure, as they can be easily stolen by checking the
|
||||||
|
process listing on the system. Due to limitations of the D-Bus interface of C(rhsm),
|
||||||
|
the module will I(not) use D-Bus for registation when trying either to register
|
||||||
|
using I(token), or when specifying I(environment), or when the system is old
|
||||||
|
(typically RHEL 6 and older).
|
||||||
- In order to register a system, subscription-manager requires either a username and password, or an activationkey and an Organization ID.
|
- In order to register a system, subscription-manager requires either a username and password, or an activationkey and an Organization ID.
|
||||||
- Since 2.5 values for I(server_hostname), I(server_insecure), I(rhsm_baseurl),
|
- Since 2.5 values for I(server_hostname), I(server_insecure), I(rhsm_baseurl),
|
||||||
I(server_proxy_hostname), I(server_proxy_port), I(server_proxy_user) and
|
I(server_proxy_hostname), I(server_proxy_port), I(server_proxy_user) and
|
||||||
|
|
Loading…
Reference in a new issue