the attached patch adds a config option that can be in a config file or on the
command line forcing the use of one authentication type. it is useful if a
hub supports more than one authentication type. or using different hubs that
support different authentications methods. Ive tested with noauth, kerberos,
and ssl.
Dennis
From 0e56c86e70755733985c92619a9b5c03019d0353 Mon Sep 17 00:00:00 2001
From: Dennis Gilmore <[EMAIL PROTECTED]>
Date: Mon, 11 Aug 2008 22:52:57 -0500
Subject: [PATCH] add a command line switch and config option to set the auth type
options are : noauth password ssl and kerberos
--authtype is the switch or authtype = line in config file
---
cli/koji | 14 ++++++++------
1 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/cli/koji b/cli/koji
index 56edb29..af91c1d 100755
--- a/cli/koji
+++ b/cli/koji
@@ -93,6 +93,7 @@ def get_options():
help=_("do not authenticate"))
parser.add_option("--force-auth", action="store_true", default=False,
help=_("authenticate even for read-only operations"))
+ parser.add_option("--authtype", help=_("force use of a type of authentication, options: noauth, ssl, password, or kerberos"))
parser.add_option("-d", "--debug", action="store_true", default=False,
help=_("show debug output"))
parser.add_option("--debug-xmlrpc", action="store_true", default=False,
@@ -141,7 +142,8 @@ def get_options():
'topdir' : '/mnt/koji',
'cert': '~/.koji/client.crt',
'ca': '~/.koji/clientca.crt',
- 'serverca': '~/.koji/serverca.crt'
+ 'serverca': '~/.koji/serverca.crt',
+ 'authtype': None
}
# grab settings from /etc/koji.conf first, and allow them to be
# overridden by user config
@@ -4046,16 +4048,16 @@ def has_krb_creds():
def activate_session(session):
"""Test and login the session is applicable"""
global options
- if options.noauth:
+ if options.authtype == "noauth" or options.noauth:
#skip authentication
pass
- elif os.path.isfile(options.cert):
+ elif options.authtype == "ssl" or os.path.isfile(options.cert) and options.authtype is None:
# authenticate using SSL client cert
session.ssl_login(options.cert, options.ca, options.serverca, proxyuser=options.runas)
- elif options.user:
+ elif options.authtype == "password" or options.user and options.authtype is None:
# authenticate using user/password
session.login()
- elif has_krb_creds():
+ elif options.authtype == "kerberos" or has_krb_creds() and options.authtype is None:
try:
if options.keytab and options.principal:
session.krb_login(principal=options.principal, keytab=options.keytab, proxyuser=options.runas)
@@ -4065,7 +4067,7 @@ def activate_session(session):
error(_("Kerberos authentication failed: %s (%s)") % (e.args[1], e.args[0]))
except socket.error, e:
warn(_("Could not connect to Kerberos authentication service: %s") % e.args[1])
- if not options.noauth and not session.logged_in:
+ if not options.noauth and options.authtype != "noauth" and not session.logged_in:
error(_("Unable to log in, no authentication methods available"))
ensure_connection(session)
if options.debug:
--
1.5.6.4
--
Fedora-buildsys-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
