FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora/Linux Management Tools

 
 
LinkBack Thread Tools
 
Old 03-25-2008, 09:20 PM
Michael DeHaan
 
Default Cobbler 0.9.X/1.0 -- Integrating with Free IPA, Auth against LDAP, and Optional object ownership

So today (Many thanks to Vito Laurenza and Simo Sorce), Cobbler is
getting pretty close to being able to auth the WebUI and XMLRPC requests
against LDAP (in fact, it works in git now), as opposed to the default
method of having users/passwords in a digest file. It's using TLS and
all that good stuff. I have early instructions up here:
https://fedorahosted.org/cobbler/wiki/CobblerWithLdap -- this is
something quite a few people have requested, so it should be nice to have.


In the simplest LDAP configuration (the default configuration does not
use/require LDAP), LDAP will provide authentication for web interface
users plus users of the XMLRPC API, with final authorization access
(yes/no) coming from whether the users are listed in
/etc/cobbler/users.conf.

(Kerberos is already supported, but rather roughly, so I'm still looking
to clean that up.)


After that is complete, we can work on adding the much requested concept
of object ownership -- i.e. "Alice can edit her own created objects, Bob
can edit his, and Admins can edit both". How we do that is still TBD
though it should be reasonably simple.


So once we roll out 0.9.X/1.0, the available authentication modes will be:

configfile (digest, which is the default), ldap, kerberos

And the available authentication modes will be:

allowall (which is the default), configfile (users list), ownership

Comments/questions/ideas welcome... I will also update the Web UI docs
with further pointers to these docs as this becomes available for testing.


I know others have mentioned further integration with LDAP in their
infrastructure, so if that's important, please share details as to what
you are looking for. I also have an RFE to consider LDB for storing
cobbler configurations, which could prove interesting as an option to
what we have know for storage (yaml or bsddb) -- this could further help
with LDAP integration if it makes sense.


--Michael



_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@redhat.com
https://www.redhat.com/mailman/listinfo/et-mgmt-tools
 

Thread Tools




All times are GMT. The time now is 02:41 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org