FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora/Linux Management Tools

 
 
LinkBack Thread Tools
 
Old 12-05-2007, 08:21 PM
Michael DeHaan
 
Default Cobbler gets pluggable authentication/authorization (devel branch)

Ok,

I've implemented the first bits of a customizable authentication and
authorization system in Cobbler (0.7.x branch), that should be adaptable
to most complex workflows.

In other words, you can now define who gets to log in, in your own way,
and who gets to do what -- whether that means kerberos/LDAP (FreeIPA?),
htdigest/all access, something built on PolicyKit, or something you have
in house. (I still need to write some plugins for some of these --
contributions welcome!).


The WebUI also now uses mod_python, which allows us to do some nifty
tricks like using the same auth system on the frontend as with the web
service. That's perhaps less interesting though...


Start of documentation on this here:

https://hosted.fedoraproject.org/projects/cobbler/wiki/CustomizableSecurity

The main advantage to people who don't care about the above is that
WebUI setup is a few steps simpler now:


https://hosted.fedoraproject.org/projects/cobbler/wiki/CobblerWebInterface

You'll notice some permissions based steps are gone, and there's one
less authentication file to set up.


The other simple change I want to make is to allow the Web UI to log
directly in the Apache error logs, so it will be even easier to tell
what's going on. It does some of this directly, but it can log more
information, and that's the first place people generally look for web
based errors anyway.


We've also talked here about having logging also be module-based, so
more finer grained logging from the XMLRPC layer and the command line is
in the works too, after this gets polished up some more.


So Cobbler's growing up... and hopefully this will make it a lot more
usable in larger configurations where the idea of a few admins having
full access doesn't quite solve your administration problems. If
you're just a small installation that doesn't care about this kind of
thing, Cobbler will of course not force any of this on you... which is
also a good thing.


Thoughts welcome.

--Michael


_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@redhat.com
https://www.redhat.com/mailman/listinfo/et-mgmt-tools
 

Thread Tools




All times are GMT. The time now is 08:36 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org