@tbridge tbridge released this Mar 6, 2016 · 7 commits to security since this release

Assets 2

Munki-in-a-Box has long been a good reference implementation for munki - useful for rolling out a testbed very quickly and giving you some basic tools to manage your munki repository. It's been fine for use in controlled circumstances, ideally by computers that never leave their homes. However, for machines that head outside their usual networks, that could put them at risk.

In previous versions of Munki-in-a-Box, you could easily turn on SSL by default and encrypt your communications layer, but that would still let just any client connect. This version uses HTTP Basic Authentication as described by the Munki documentation. This should be a substantive protection against unauthorized access to your repository.

Pull requests to make this simpler are absolutely welcome.