Eric Doutreleau
Le 03/11/2011 04:12, James Cammarata a écrit : > On Wed, Nov 2, 2011 at 9:06 AM, Eric Doutreleau > <[email protected]> wrote: >> Hi >> >> i have just migrate from 2.0.11 to 2.2.1 and my external >> authentification doesn't work anymore. >> >> in order to do that i have in my modules.conf file the following sentence >> >> [authentication] >> module = authn_passthru >> >> [authorization] >> module = authz_allowall >> >> and in the cobbler_web.conf in the /etc/httpd/conf.d directory >> >> >> <VirtualHost *:80> >> >> # Do not log the requests generated from the event notification system >> SetEnvIf Request_URI ".*/op/events/user/.*" dontlog >> # Log only what remains >> CustomLog logs/access_log combined env=!dontlog >> >> WSGIScriptAlias /cobbler_web /usr/share/cobbler/web/cobbler.wsgi >> >> <Location "/cobbler_web"> >> AuthBasicAuthoritative Off >> AuthType CAS >> AuthName cobbler >> AuthLDAPUrl "ldap://ldap1.int-evry.fr/dc=int-evry,dc=fr"; >> require ldap-group CN=s2ia-isr,Ou=Groups,dc=int-evry,dc=fr >> Require valid-user >> >> </Location> >> >> when i try to log i m redirected to my SSO banner i log in it but after >> i got the cobbler banner instead of going passthru. >> >> when i look at the apache logs i see that i m authenticated >> 157.159.21.152 - doutrele [02/Nov/2011:09:02:49 -0500] "GET >> /cobbler_web/ HTTP/1.1" 200 1060 "-" "Mozilla/5.0 (X11; Linux i686) >> AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.0 Safari/535.7" >> >> but it seems that cobbler didn't care about that. >> >> does someone know how to solve that problem? > > Yes, I noticed this the other day too... unfortunately since we moved > to form-based logins with the web interface, we're not using basic > authentication through apache, which authn_passthrough relies on. How > are you configuring apache for authentication? I've recently created > an authn_pam module (partially because of the breakage to > authn_passthrough), which should be able to replace anything you're > doing through apache. > _______________________________________________ > cobbler mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/cobbler Hi Well we re using mod_cas to have SSO login on cobbler. it s what i wrote on the configuration here Location "/cobbler_web"> AuthBasicAuthoritative Off AuthType CAS AuthName cobbler AuthLDAPUrl "ldap://ldap1.int-evry.fr/dc=int-evry,dc=fr"; require ldap-group CN=s2ia-isr,Ou=Groups,dc=int-evry,dc=fr Require valid-user </Location> It s the apache module mod_auth_cas who does the job. first it redirects to the CAS server for authentification. the user got a ticket and after the mod_cas module is able to validate the user with this ticket. and the authorization is made through ldap. As it existe a pam_cas module i m interested in your authn_pam to see if i can do something with it. _______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
