Can it be used with Kerberos?
The AuthN and Z peices do not know about each other, so yes, it can.
Doesn't seem to work for me.
The following configuration allows me to login with my Kerberos creds
(pcompany or user2),
but I seem to only have "list" permissions on all the objects.
The documentation says:
Users that authenticate against the chosen cobbler authentication module
but who are not mentioned in users.conf will still be given read
access to view
things in the Cobbler web interface, but will not be able to
perform any actions,
such as sync, deletion, and edits.
Well, pcompany & user2 *are* "listed in users.conf" in the [admins]
and [jradmin] sections.
The way I understand it, pcompany should have full access under this
configuration;
and user2 should fall thru to the acl.conf jradmin permissions and
only have those permissions.
Why does the below configuration not work?
What am I missing?
Here is what I have configured:
# vi /etc/cobbler/modules.conf
[authentication]
module = authn_passthru
[authorization]
module = authz_ownership
:wq!
# vi /etc/cobbler/users.conf
[admins]
admin = ""
cobbler = ""
pcompany = ""
[jradmin]
user2 = ""