Hello, Just wanted to follow up this one.
Cheers, Christos On Wed, Aug 5, 2015 at 4:14 PM, Christos Triantafyllidis < [email protected]> wrote: > Hello, > > The following patch is adding support for PAM authentication for the > koji-hub and BasicAuth for the koji-web. > > This is useful for our internal use case as it allows us to login without > the overhead of setting up either a CA or a kerberos realm for our users. > > The configuration is backwards compatible and hopefully similar to the > other authntication methods. > > To active PAM support on hub you define the option: > PAMService = koji > in hub.conf. The value will be the name of the PAM service. Note the call > to the PAM module is done via unpriviledged call thus the use of pam_unix > won't be possible. > > Note that activating this option will have as result that username/password > combinations from the DB will no longer be checked (similarly to when > activating kerberos or SSL client auth). > > The BasicAuth for koji-web requires 2 changes: > a) To enable WSGIPassAuthorization for /koji/login in httpd configuration. > That passes the authorization variable from the apache to the application. > b) Set the "BasicAuthRealm" option to the Basic Authentication Realm that > will be presented to the user to login. > > Finally python-pam package has been added to the hub's dependencies. > > Cheers, > Christos > > > Christos Triantafyllidis (1): > - Added PAM support for hub - Added BasicAuth support for web > > hub/hub.conf | 4 +++- > hub/kojixmlrpc.py | 2 ++ > koji.spec | 1 + > koji/auth.py | 33 +++++++++++++++++++++++++-------- > koji/server.py | 2 ++ > www/conf/kojiweb.conf | 5 +++++ > www/conf/web.conf | 3 +++ > www/kojiweb/index.py | 18 +++++++++++++++++- > www/kojiweb/wsgi_publisher.py | 9 +++++++-- > 9 files changed, 65 insertions(+), 12 deletions(-) > > -- > 2.4.3 > >
-- buildsys mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/buildsys
