Closed venerari closed 5 months ago
@venerari Thanks for opening this. As it happens, the docker CLI doesn't actually support the concept of anonymous access, it always tries to authenticate. The global anonymous mode as originally implemented didn't work for Docker, which would try to log in regardless (and fail, and stop processing). For this reason, we added a special flag on Docker repositories to help the Docker CLI work in this anonymous way.
podman, on the other hand, does support anonymous mode more naturally. It doesn't try to log in proactively; as a result, enabling anonymous access mode globally is enough to let it access whatever repositories the anonymous role can access. The repository-level setting is irrelevant.
If you want to prevent anonymous access in this way, make sure you've turned off the global anonymous access setting.
We're aware that there's some UX improvements we could make here to make clearer how these work together, perhaps combining these settings entirely so it's all done in one place.
@mrprescott Thanks from your reply, I thought there's a workaround that, I need to make the nexus hosted to login like docker-hosted or maven-hosted. More power.
Hi,
Podman is allowed to pull even if the "allow anonymous docker pull" is disabled,
unlike docker,
Both podman/docker don't have login to the docker address before doing this.
Please fix this, it's a security risk.
Thanks, Venerari