Hello, The following patch is adding support for PAM authentication for the koji-hub and BasicAuth for the koji-web.
This is useful for our internal use case as it allows us to login without the overhead of setting up either a CA or a kerberos realm for our users. The configuration is backwards compatible and hopefully similar to the other authntication methods. To active PAM support on hub you define the option: PAMService = koji in hub.conf. The value will be the name of the PAM service. Note the call to the PAM module is done via unpriviledged call thus the use of pam_unix won't be possible. Note that activating this option will have as result that username/password combinations from the DB will no longer be checked (similarly to when activating kerberos or SSL client auth). The BasicAuth for koji-web requires 2 changes: a) To enable WSGIPassAuthorization for /koji/login in httpd configuration. That passes the authorization variable from the apache to the application. b) Set the "BasicAuthRealm" option to the Basic Authentication Realm that will be presented to the user to login. Finally python-pam package has been added to the hub's dependencies. Cheers, Christos Christos Triantafyllidis (1): - Added PAM support for hub - Added BasicAuth support for web hub/hub.conf | 4 +++- hub/kojixmlrpc.py | 2 ++ koji.spec | 1 + koji/auth.py | 33 +++++++++++++++++++++++++-------- koji/server.py | 2 ++ www/conf/kojiweb.conf | 5 +++++ www/conf/web.conf | 3 +++ www/kojiweb/index.py | 18 +++++++++++++++++- www/kojiweb/wsgi_publisher.py | 9 +++++++-- 9 files changed, 65 insertions(+), 12 deletions(-) -- 2.4.3 -- buildsys mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/buildsys
