authz_ownership not working with authn_passthru + Kerberos

Wed, 12 Aug 2009 17:56:54 -0700 

The following works:

# vi /etc/cobbler/modules.conf
[authentication]
module = authn_configfile

[authorization]
module = authz_ownership
:wq!

# htdigest /etc/cobbler/users.digest "Cobbler" pcompany
Adding user pcompany in realm Cobbler
New password: <some-passwd>
Re-type new password: <some-passwd>

# vi /etc/cobbler/users.conf
[admins]
admin = ""
cobbler = ""
pcompany = ""
:wq!

# vi /etc/httpd/conf.d/cobbler.conf
<Directory "/var/www/cobbler/web/">
   AuthType Basic
   AuthName Cobbler
   Require valid-user
   SetHandler mod_python
   PythonAuthenHandler index
   PythonHandler index
   PythonPath "sys.path + ['/var/www/cobbler/web/']"
   PythonDebug on
</Directory>
:wq!

# /etc/init.d/cobblerd restart
# /etc/init.d/httpd restart

Browse to the Web UI and login as pcompany:
(1) Logging in as pcompany works fine.
(2) pcompany has full permissions to list/copy/modify/new/remove/save
on distros, profiles, systems, repos, kickstarts
(3) If I remove pcompany from users.conf, then pcompany can only list
things; pcompany can't add anything!
     Which is expected!

==============

The following does NOT work: why?

# vi /etc/cobbler/modules.conf
[authentication]
module = authn_passthru

[authorization]
module = authz_ownership
:wq!

# vi /etc/cobbler/users.conf
[admins]
admin = ""
cobbler = ""
[email protected] = ""
:wq!

# vi /etc/httpd/conf.d/cobbler.conf
<Directory "/var/www/cobbler/web/">
  AllowOverride AuthConfig
  AuthType Kerberos
  AuthName "Kerberos Login"
  KrbServiceName HTTP
  Krb5Keytab /etc/httpd/conf.d/HTTP.keytab
  KrbAuthRealms EXAMPLE.COM
  Require valid-user
  SetHandler mod_python
  PythonAuthenHandler index
  PythonHandler index
  PythonPath "sys.path + ['/var/www/cobbler/web/']"
  PythonDebug on
</Directory>
:wq!

# /etc/init.d/cobblerd restart
# /etc/init.d/httpd restart

Browse to the Web UI and login as pcompany:
(1) Logging in as [email protected] works fine.
BUT
(2) [email protected] can only list things; [email protected]
can't add anything!

Any ideas?
_______________________________________________
cobbler mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/cobbler

Reply via email to