[PATCH] PAM support for hub and BasicAuth for web
Christos Triantafyllidis
christos.triantafyllidis at gmail.com
Wed Sep 16 14:25:13 UTC 2015
Hello,
Just wanted to follow up this one.
Cheers,
Christos
On Wed, Aug 5, 2015 at 4:14 PM, Christos Triantafyllidis <
christos.triantafyllidis at gmail.com> wrote:
> Hello,
>
> The following patch is adding support for PAM authentication for the
> koji-hub and BasicAuth for the koji-web.
>
> This is useful for our internal use case as it allows us to login without
> the overhead of setting up either a CA or a kerberos realm for our users.
>
> The configuration is backwards compatible and hopefully similar to the
> other authntication methods.
>
> To active PAM support on hub you define the option:
> PAMService = koji
> in hub.conf. The value will be the name of the PAM service. Note the call
> to the PAM module is done via unpriviledged call thus the use of pam_unix
> won't be possible.
>
> Note that activating this option will have as result that username/password
> combinations from the DB will no longer be checked (similarly to when
> activating kerberos or SSL client auth).
>
> The BasicAuth for koji-web requires 2 changes:
> a) To enable WSGIPassAuthorization for /koji/login in httpd configuration.
> That passes the authorization variable from the apache to the application.
> b) Set the "BasicAuthRealm" option to the Basic Authentication Realm that
> will be presented to the user to login.
>
> Finally python-pam package has been added to the hub's dependencies.
>
> Cheers,
> Christos
>
>
> Christos Triantafyllidis (1):
> - Added PAM support for hub - Added BasicAuth support for web
>
> hub/hub.conf | 4 +++-
> hub/kojixmlrpc.py | 2 ++
> koji.spec | 1 +
> koji/auth.py | 33 +++++++++++++++++++++++++--------
> koji/server.py | 2 ++
> www/conf/kojiweb.conf | 5 +++++
> www/conf/web.conf | 3 +++
> www/kojiweb/index.py | 18 +++++++++++++++++-
> www/kojiweb/wsgi_publisher.py | 9 +++++++--
> 9 files changed, 65 insertions(+), 12 deletions(-)
>
> --
> 2.4.3
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/buildsys/attachments/20150916/92085cde/attachment.html>
More information about the buildsys
mailing list