Issue #4890 has been updated by Nick Fagerlund.

This turns out to be kind of a hairball! **You cannot use http auth out of the 
box with puppet dashboard.**

(Quick aside: since Rails doesn't serve things from the filesystem, auth can't 
be implemented in .htaccess, with which the best you can do is prevent access 
to the stylesheets and javascript. It works fine if you implement it in the 
vhost config with a `<Location "/">` directive block.)

Once you've set up http auth: 

* Web access to the interface works fine. 
* Puppet cannot submit reports to dashboard. (issue #7173)
* Puppet cannot get nodes from the dashboard. (issue #5126)

As such, this isn't a simple matter of documenting how to do it. First, we will 
need to:

* Add the following commented-out block to the sample vhost config we ship in 
ext/passenger:

        #        <Location "/">
        #            AuthType basic
        #            AuthName "Puppet Dashboard"
        #            Require valid-user
        #            AuthBasicProvider file
        #            AuthUserFile /etc/apache2/passwords
        #        </Location>

* Modify the external node script to properly parse usernames and passwords out 
of its URL. (see issue #5126)
* Modify puppet/lib/puppet/reports/http.rb to properly parse usernames and 
passwords out of the `reporturl` configuration option. (see issue #7173)

Once all three of those are accomplished, I can document how to use http basic 
auth with Dashboard. Until then, I'd prefer not to ship a document that tells 
users to monkey-patch Puppet. (Note that you cannot separately allow access to 
the report submission and node classification endpoints as an interim solution, 
since they use the same URLs as the web front-end.)

----------------------------------------
Bug #4890: Documentation's "security" section should explain where to put 
.htaccess file and give an example
https://projects.puppetlabs.com/issues/4890

Author: Igal Koshevoy
Status: Accepted
Priority: Normal
Assignee: 
Category: 
Target version: 
Keywords: 
Branch: 
Affected URL: 
Affected Dashboard version: 


A very rough draft, must explain what paths are relative to what, etc:

You can create a "/usr/share/puppet-dashboard/public/.htaccess" file with 
contents similar to this:

    AuthName "Puppet Dashboard"
    AuthType Basic
    AuthUserFile  /usr/share/puppet-dashboard/config/htpasswd
    Require valid-user

...and then create the AuthUserFile specified above using `htpasswd` (run 
`htpasswd -h` for help).
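
The credential parsing that the update above asks for in `puppet/lib/puppet/reports/http.rb` and the external node script could look like this in Ruby. This is an added example, not Puppet's or Dashboard's code: the helper names, the `allow_cleartext` option, the content type and the sample URL are assumptions made for illustration.

```ruby
require 'uri'
require 'net/http'

# Added example; helper names are hypothetical, not Puppet's.

# Percent-decode one userinfo field ("+" stays a literal plus sign).
def pct_decode(field)
  field.b.gsub(/%([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr }
       .force_encoding(Encoding::UTF_8)
end

# Split a reporturl-style URL into a credential-free target URI (safe to log)
# and the decoded basic auth user and password (nil when the URL has none).
def split_credentials(url, allow_cleartext: false)
  uri = URI.parse(url)
  raise ArgumentError, 'expected an http(s) URL' unless uri.is_a?(URI::HTTP) && uri.host
  user, password = uri.userinfo&.split(':', 2)
  if user && uri.scheme == 'http' && !allow_cleartext
    raise ArgumentError, 'basic auth over plain http exposes the password'
  end
  # Rebuild the URI without userinfo so the secret cannot leak via to_s.
  target = uri.class.build(host: uri.host, port: uri.port,
                           path: uri.path, query: uri.query)
  [target, user && pct_decode(user), password && pct_decode(password)]
end

# Build (but do not send) the report POST, with an Authorization header
# only when the URL carried credentials.
def build_report_request(url, yaml_body, **opts)
  target, user, password = split_credentials(url, **opts)
  req = Net::HTTP::Post.new(target.request_uri)
  req.content_type = 'application/x-yaml' # assumed content type
  req.body = yaml_body
  req.basic_auth(user, password.to_s) if user
  [target, req]
end

# Constructed sample value; host, account and password are made up.
SAMPLE_URL = 'https://reports:s3cr%40t%3A1@dashboard.example.com:3000/reports/upload'

if $PROGRAM_NAME == __FILE__
  target, req = build_report_request(SAMPLE_URL, "--- {}\n")
  puts "POST #{target}" # credentials never reach the log line
  puts req['Authorization']
end
```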


