FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora/Linux Management Tools

LinkBack Thread Tools
Old 03-27-2008, 09:08 PM
Michael DeHaan
Default Cobbler 0.9.X/1.0 -- Integrating with Free IPA, Auth against LDAP, and Optional object ownership

Michael DeHaan wrote:
So today (Many thanks to Vito Laurenza and Simo Sorce), Cobbler is
getting pretty close to being able to auth the WebUI and XMLRPC
requests against LDAP (in fact, it works in git now), as opposed to
the default method of having users/passwords in a digest file. It's
using TLS and all that good stuff. I have early instructions up
here: https://fedorahosted.org/cobbler/wiki/CobblerWithLdap -- this
is something quite a few people have requested, so it should be nice
to have.

In the simplest LDAP configuration (the default configuration does not
use/require LDAP), LDAP will provide authentication for web interface
users plus users of the XMLRPC API, with final authorization access
(yes/no) coming from whether the users are listed in
(Kerberos is already supported, but rather roughly, so I'm still
looking to clean that up.)

After that is complete, we can work on adding the much requested
concept of object ownership -- i.e. "Alice can edit her own created
objects, Bob can edit his, and Admins can edit both". How we do that
is still TBD though it should be reasonably simple.

So once we roll out 0.9.X/1.0, the available authentication modes will

configfile (digest, which is the default), ldap, kerberos

And the available authentication modes will be:

allowall (which is the default), configfile (users list), ownership

Comments/questions/ideas welcome... I will also update the Web UI
docs with further pointers to these docs as this becomes available for

I know others have mentioned further integration with LDAP in their
infrastructure, so if that's important, please share details as to
what you are looking for. I also have an RFE to consider LDB for
storing cobbler configurations, which could prove interesting as an
option to what we have know for storage (yaml or bsddb) -- this could
further help with LDAP integration if it makes sense.


et-mgmt-tools mailing list

I've updated this with some more information on the authorization
options... Ownership and simple Config File based

authorization are now implemented in git on the devel branch.


I've also updated the LDAP page somewhat.

In the coming days I'll work on making the WebUI make ownership more
obvious (as opposed to just raising exceptions), making the WebUI be
able to list/edit ownership, and also figuring out what do when someone
wants to delete an object that your object depends on (a fun corner case
to be sure).


et-mgmt-tools mailing list

Thread Tools

All times are GMT. The time now is 01:11 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org