Need to add http_port to app.py #63

Open
wanghaiqing2015 opened this issue Jul 14, 2020 · 3 comments

@wanghaiqing2015

Port missing -> http://%s/cblr/svc/op/ks/profile

            if not self.system:
                profile_data["autoinst"] = "http://%s/cblr/svc/op/ks/profile/%s" % (
                    profile_data['http_server'], profile_data['name'])
            else:
                profile_data["autoinst"] = "http://%s/cblr/svc/op/ks/system/%s" % (
                    profile_data['http_server'], profile_data['name'])

@opoplawski

We really need to be able to support https: as well

@mpdehaan

While that sounds good for servers that don't offer things up over http (cobbler already did), it's important to understand the greatest security implications of a PXE network.

TFTP is already a wide open protocol and it is easy to spoof and access information for other systems. At this point, you really have to trust the network because the system could already be offering you up a fake installer, or the client could be lying about a MAC.

In short, there's no way to authenticate the https:// client so no "secret" content can be put in the kickstart, because there's no way to put a username/password in there safely.

At this point, https:// only defends against MITM, but you can already compromise the earlier stage of the install process.

I'm not sure of the level of certificate checking done by the installer these days - it might have some value for external systems - but can't be used with authentication.
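
The following is an added example, not part of the thread and not cobbler's own code: one way the `autoinst` URL from the issue's snippet could carry a port and a scheme. It assumes `profile_data` holds an `http_port` key next to `http_server`; the `scheme` parameter, the helper names and the sample values are hypothetical.

```python
from urllib.parse import quote, urlunsplit

# Hypothetical helpers for illustration; not cobbler's actual code.
DEFAULT_PORTS = {"http": 80, "https": 443}


def build_netloc(host, port, scheme):
    """Return host[:port], leaving the port off when it is the scheme default."""
    host = str(host).strip()
    if not host or any(c in host for c in "/?#@ \t\r\n"):
        raise ValueError("invalid http_server: %r" % host)
    colons = host.count(":")
    if colons == 1 or (host.startswith("[") and not host.endswith("]")):
        # "host:port" here would yield a doubled port; keep the port in http_port.
        raise ValueError("http_server must not contain a port: %r" % host)
    if colons > 1 and not host.startswith("["):
        host = "[%s]" % host  # a bare IPv6 literal needs brackets before a port
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError("invalid http_port: %r" % port)
    return host if port == DEFAULT_PORTS[scheme] else "%s:%d" % (host, port)


def autoinst_url(profile_data, is_system, scheme="http"):
    """Build the autoinst URL from the issue's snippet, with port and scheme.

    Assumes profile_data carries an 'http_port' key; 'scheme' is a
    hypothetical parameter.
    """
    if scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported scheme: %r" % scheme)
    port = profile_data.get("http_port", DEFAULT_PORTS[scheme])
    netloc = build_netloc(profile_data["http_server"], port, scheme)
    kind = "system" if is_system else "profile"
    # Percent-encode the object name so it cannot alter the URL path.
    path = "/cblr/svc/op/ks/%s/%s" % (kind, quote(profile_data["name"], safe=""))
    return urlunsplit((scheme, netloc, path, "", ""))


if __name__ == "__main__":
    # Constructed sample values.
    sample = {"http_server": "10.0.0.5", "http_port": 8080, "name": "centos7-x86_64"}
    print(autoinst_url(sample, is_system=False))
```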
