On 08/13/2009 09:40 PM, Paul Company wrote: > I've subscribed to the dev mailing list, but I'm waiting to be > accepted, so for now I'm posting here. > > Running Cobbler 1.6.6 on RHEL 5.3 > > Here's the configuation: > > # vi /etc/cobbler/modules.conf > [authentication] > module = authn_configfile > > [authorization] > module = authz_ownership > :wq! > > # htdigest /etc/cobbler/users.digest "Cobbler" pcompany > Adding user pcompany in realm Cobbler > New password: yaba > Re-type new password: yaba > # htdigest /etc/cobbler/users.digest "Cobbler" [email protected] > New password: daba > Re-type new password: daba > > # vi /etc/cobbler/users.conf > [admins] > admin = "" > cobbler = "" > pcompany = "" > [email protected] = "" > :wq! > > # vi /etc/httpd/conf.d/cobbler.conf > <Directory "/var/www/cobbler/web/"> > AuthType Basic > AuthName Cobbler > Require valid-user > SetHandler mod_python > PythonAuthenHandler index > PythonHandler index > PythonPath "sys.path + ['/var/www/cobbler/web/']" > PythonDebug on > </Directory> > :wq! > > # /etc/init.d/cobblerd restart > # /etc/init.d/httpd restart > > Browse to the Web UI and login as (A) pcompany and (B) [email protected]: > (A1) Logging in as pcompany works fine. Authentication works. > (A2) Authorization for pcompany works. > pcompany has full permissions to > list/copy/modify/new/remove/save on distros, profiles, systems, repos, > kickstarts > This is because user.conf is parsed correctly and it finds pcompany. > (B1) Logging in as [email protected] works fine. Authentication works. > (B2) Authorization for [email protected] fails! > This is because user.conf is parsed incorrectly and it can not > find [email protected] > > Here's what's left in the log, see line 1044 > # cat /var/log/cobbler/cobblerd.log > 2009-08-13 17:37:56,905 - api - login attempt; user([email protected]) > 2009-08-13 17:37:56,905 - api - authenticate; ['[email protected]', > 'big long encryption string'] > 2009-08-13 17:37:56,906 - api - login succeeded; user([email protected]) > 2009-08-13 17:37:57,035 - api - calling authorize for resource > ['new_system', None, None]; user([email protected]) > 2009-08-13 17:37:57,035 - api - Exception occured: cobbler.cexceptions.CX > 2009-08-13 17:37:57,035 - api - Exception value: 'user does not have > access to resource: new_system' > 2009-08-13 17:37:57,036 - api - Exception Info: > File "/usr/lib/python2.4/site-packages/cobbler/remote.py", line > 1000, in check_access_no_fail > self.check_access(token,resource,arg1,arg2) > File "/usr/lib/python2.4/site-packages/cobbler/remote.py", line > 1013, in check_access > rc = self.__authorize(token,resource,arg1,arg2) > File "/usr/lib/python2.4/site-packages/cobbler/remote.py", line > 1044, in __authorize > raise CX(_("user does not have access to resource: %s") % resource) > > Can anyone think of a quick fix? > I'm assuming it's choking on the @ symbol. > I tried quoting it, but that didn't work. > We probably have to modify /usr/lib/python2.4/site-packages/cobbler/remote.py? > Or whatever python module parses users.conf? > _______________________________________________ > cobbler mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/cobbler >
We're using standard python config parser for user.conf presently, so not much can be done. Perhaps we could teach it to also try to look up the version without the @.... --Michael _______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
