[PATCH] PAM support for hub and BasicAuth for web

Christos Triantafyllidis christos.triantafyllidis at gmail.com
Wed Sep 16 14:25:13 UTC 2015 

Hello,

Just wanted to follow up this one.

Cheers,
Christos


On Wed, Aug 5, 2015 at 4:14 PM, Christos Triantafyllidis <
christos.triantafyllidis at gmail.com> wrote:

> Hello,
>
> The following patch is adding support for PAM authentication for the
> koji-hub and BasicAuth for the koji-web.
>
> This is useful for our internal use case as it allows us to login without
> the overhead of setting up either a CA or a kerberos realm for our users.
>
> The configuration is backwards compatible and hopefully similar to the
> other authntication methods.
>
> To active PAM support on hub you define the option:
> PAMService = koji
> in hub.conf. The value will be the name of the PAM service. Note the call
> to the PAM module is done via unpriviledged call thus the use of pam_unix
> won't be possible.
>
> Note that activating this option will have as result that username/password
> combinations from the DB will no longer be checked (similarly to when
> activating kerberos or SSL client auth).
>
> The BasicAuth for koji-web requires 2 changes:
> a) To enable WSGIPassAuthorization for /koji/login in httpd configuration.
> That passes the authorization variable from the apache to the application.
> b) Set the "BasicAuthRealm" option to the Basic Authentication Realm that
> will be presented to the user to login.
>
> Finally python-pam package has been added to the hub's dependencies.
>
> Cheers,
> Christos
>
>
> Christos Triantafyllidis (1):
>   - Added PAM support for hub     - Added BasicAuth support for web
>
>  hub/hub.conf                  |  4 +++-
>  hub/kojixmlrpc.py             |  2 ++
>  koji.spec                     |  1 +
>  koji/auth.py                  | 33 +++++++++++++++++++++++++--------
>  koji/server.py                |  2 ++
>  www/conf/kojiweb.conf         |  5 +++++
>  www/conf/web.conf             |  3 +++
>  www/kojiweb/index.py          | 18 +++++++++++++++++-
>  www/kojiweb/wsgi_publisher.py |  9 +++++++--
>  9 files changed, 65 insertions(+), 12 deletions(-)
>
> --
> 2.4.3
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/buildsys/attachments/20150916/92085cde/attachment.html>

More information about the buildsys mailing list