03-27-2008, 09:08 PM
Michael DeHaan

Cobbler 0.9.X/1.0 -- Integrating with Free IPA, Auth against LDAP, and Optional object ownership

Michael DeHaan wrote:
So today (Many thanks to Vito Laurenza and Simo Sorce), Cobbler is
getting pretty close to being able to auth the WebUI and XMLRPC
requests against LDAP (in fact, it works in git now), as opposed to
the default method of having users/passwords in a digest file. It's
using TLS and all that good stuff. I have early instructions up
here: https://fedorahosted.org/cobbler/wiki/CobblerWithLdap -- this
is something quite a few people have requested, so it should be nice
to have.


In the simplest LDAP configuration (the default configuration does not
use/require LDAP), LDAP will provide authentication for web interface
users plus users of the XMLRPC API, with final authorization access
(yes/no) coming from whether the users are listed in
/etc/cobbler/users.conf.
(Kerberos is already supported, but rather roughly, so I'm still
looking to clean that up.)


After that is complete, we can work on adding the much requested
concept of object ownership -- i.e. "Alice can edit her own created
objects, Bob can edit his, and Admins can edit both". How we do that
is still TBD though it should be reasonably simple.


So once we roll out 0.9.X/1.0, the available authentication modes will
be:


configfile (digest, which is the default), ldap, kerberos

And the available authentication modes will be:

allowall (which is the default), configfile (users list), ownership

Comments/questions/ideas welcome... I will also update the Web UI
docs with further pointers to these docs as this becomes available for
testing.


I know others have mentioned further integration with LDAP in their
infrastructure, so if that's important, please share details as to
what you are looking for. I also have an RFE to consider LDB for
storing cobbler configurations, which could prove interesting as an
option to what we have now for storage (yaml or bsddb) -- this could
further help with LDAP integration if it makes sense.


--Michael



_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@redhat.com
https://www.redhat.com/mailman/listinfo/et-mgmt-tools


I've updated this with some more information on the authorization
options... Ownership and simple Config File based authorization are
now implemented in git on the devel branch.

https://fedorahosted.org/cobbler/wiki/CustomizableAuthorization

I've also updated the LDAP page somewhat.

In the coming days I'll work on making the WebUI make ownership more
obvious (as opposed to just raising exceptions), making the WebUI be
able to list/edit ownership, and also figuring out what to do when someone
wants to delete an object that your object depends on (a fun corner case
to be sure).


--Michael
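
The split described in the two messages above, where a backend (digest file, LDAP or Kerberos) authenticates the user and a separate mode (allowall, configfile or ownership) gives the yes/no answer, can be modelled as follows. This is an added example, not part of the original posts and not Cobbler's code; the users-list format, the `Obj` class, the function names and the rule that the users list still gates access in ownership mode are assumptions made for illustration.

```python
# Added illustration, not Cobbler's code: every name below is hypothetical.
from dataclasses import dataclass, field

# Constructed sample users list: one user per line, optional "admin" flag.
SAMPLE_USERS = """
alice
bob
root admin   # constructed admin account
"""

@dataclass
class Obj:
    name: str
    owners: set = field(default_factory=set)

def parse_users(text):
    """Return (users, admins) parsed from the constructed list format."""
    users, admins = set(), set()
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        users.add(parts[0])
        if parts[1:] == ["admin"]:
            admins.add(parts[0])
    return users, admins

def authorize_edit(mode, user, authenticated, obj, users, admins):
    """Yes/no edit decision, evaluated only after authentication succeeded."""
    if not authenticated or not user:
        return False                      # authz never replaces authn
    if mode == "allowall":
        return True                       # any authenticated user may edit
    if mode == "configfile":
        return user in users              # must be in the users list
    if mode == "ownership":
        if user not in users:
            return False                  # assumption: list still gates access
        return user in admins or user in obj.owners
    return False                          # unknown mode: fail closed

if __name__ == "__main__":
    users, admins = parse_users(SAMPLE_USERS)
    profile = Obj("alice-profile", {"alice"})
    for who in ("alice", "bob", "root", "mallory"):
        print(who, authorize_edit("ownership", who, True, profile, users, admins))
```

Under the default allowall mode the only gate is authentication itself, so the strength of the chosen backend is the whole access control until configfile or ownership is enabled.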



