Hi Kirk, If you're looking to do both passthrough (kerb) and a service type user, this patch with the chainloading plugin might be interesting to you.
I've been planing on re-implementing it into the core directly, but haven't had a chance yet. http://www.mail-archive.com/[email protected]/msg01641.html I was using it for a ldap + basic auth service account setup, but it should work for other types as well. I had found that passthrough in 2.0.? had some problems keeping multiple user straight in apache due to the re-use of apache workers. Hope this helps, James On Mon, Feb 20, 2012 at 9:29 AM, Kirk VanOpdorp <[email protected]> wrote: > Ok. That is actually what I was doing via a simple authenticated web > service. Just wanted to see if there was a better way that was not obvious > to me. Thanks for the quick response! > > On Feb 20, 2012, at 11:05 AM, Michael DeHaan <[email protected]> > wrote: > > > "My question is that the read write API requires a token which > > requires a user and password. What password do I use in that case if I > > am using the passthru authentication?" > > > > Here's the source of the module: > > > > def authenticate(api_handle,username,password): > > """ > > Validate a username/password combo, returning True/False > > Uses cobbler_auth_helper > > """ > > ss = utils.get_shared_secret() > > if password == ss: > > rc = True > > else: > > rc = False > > return rc > > > > > > Basically authn_passthru is limiting built in security so that you can > > put your own access control in front of the web app, rather than doing > > something like looking at the digest file. > > > > If you're using XMLRPC, it doesn't matter what username you use, but > > you have to use the contents of /var/lib/cobbler/web.ss for the > > password. > > > > It is regenerated every time cobblerd restarts. > > > > We don't have an actual kerberos module that would allow kerberos > > username/passwords to XMLRPC, but we do have a module for > > authenticating against LDAP. > > > > > https://github.com/cobbler/cobbler/blob/master/cobbler/modules/authn_ldap.py > > > > > > > > > > > > > > On Mon, Feb 20, 2012 at 10:04 AM, Kirk VanOpdorp <[email protected]> > wrote: > >> I am using cobbler with passthru authentication to enable Kerberos on > cobbler web. I would also like remote read write access to the xmlrpc API. > I have setup the proxied cobbler_api in apache such that I think it should > work. My question is that the read write API requires a token which > requires a user and password. What password do I use in that case if I am > using the passthru authentication? > >> _______________________________________________ > >> cobbler mailing list > >> [email protected] > >> https://fedorahosted.org/mailman/listinfo/cobbler > > _______________________________________________ > > cobbler mailing list > > [email protected] > > https://fedorahosted.org/mailman/listinfo/cobbler > _______________________________________________ > cobbler mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/cobbler >
_______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
