> Guessing -- I believe your username in the bottom example is > [email protected], > if that's what you logged in with, not pcompany. > > Was that it?
No, I can login as pcompany or [email protected] and neither works! It has something to do with the httpd stanza. If you diff the stanzas, This works: AuthType Basic AuthName Cobbler This does not: AuthType Kerberos AuthName "Kerberos Login" KrbServiceName HTTP Krb5Keytab /etc/httpd/conf.d/HTTP.keytab KrbAuthRealms EXAMPLE.COM I'm assuming the authz_ownership module receives the username from somewhere and checks it against the user.conf file. What passes the username to the authz_ownership module? And how do I debug that? It's acting like [email protected] does not exist in user.conf. On Thu, Aug 13, 2009 at 6:12 AM, Michael DeHaan<[email protected]> wrote: > On 08/12/2009 08:54 PM, Paul Company wrote: >> The following works: >> >> # vi /etc/cobbler/modules.conf >> [authentication] >> module = authn_configfile >> >> [authorization] >> module = authz_ownership >> :wq! >> >> # htdigest /etc/cobbler/users.digest "Cobbler" pcompany >> Adding user pcompany in realm Cobbler >> New password:<some-passwd> >> Re-type new password:<some-passwd> >> >> # vi /etc/cobbler/users.conf >> [admins] >> admin = "" >> cobbler = "" >> pcompany = "" >> :wq! >> >> # vi /etc/httpd/conf.d/cobbler.conf >> <Directory "/var/www/cobbler/web/"> >> AuthType Basic >> AuthName Cobbler >> Require valid-user >> SetHandler mod_python >> PythonAuthenHandler index >> PythonHandler index >> PythonPath "sys.path + ['/var/www/cobbler/web/']" >> PythonDebug on >> </Directory> >> :wq! >> >> # /etc/init.d/cobblerd restart >> # /etc/init.d/httpd restart >> >> Browse to the Web UI and login as pcompany: >> (1) Logging in as pcompany works fine. >> (2) pcompany has full permissions to list/copy/modify/new/remove/save >> on distros, profiles, systems, repos, kickstarts >> (3) If I remove pcompany from users.conf, then pcompany can only list >> things; pcompany can't add anything! >> Which is expected! >> >> ============== >> >> The following does NOT work: why? >> >> # vi /etc/cobbler/modules.conf >> [authentication] >> module = authn_passthru >> >> [authorization] >> module = authz_ownership >> :wq! >> >> # vi /etc/cobbler/users.conf >> [admins] >> admin = "" >> cobbler = "" >> [email protected] = "" >> :wq! >> >> # vi /etc/httpd/conf.d/cobbler.conf >> <Directory "/var/www/cobbler/web/"> >> AllowOverride AuthConfig >> AuthType Kerberos >> AuthName "Kerberos Login" >> KrbServiceName HTTP >> Krb5Keytab /etc/httpd/conf.d/HTTP.keytab >> KrbAuthRealms EXAMPLE.COM >> Require valid-user >> SetHandler mod_python >> PythonAuthenHandler index >> PythonHandler index >> PythonPath "sys.path + ['/var/www/cobbler/web/']" >> PythonDebug on >> </Directory> >> :wq! >> >> # /etc/init.d/cobblerd restart >> # /etc/init.d/httpd restart >> >> Browse to the Web UI and login as pcompany: >> (1) Logging in as [email protected] works fine. >> BUT >> (2) [email protected] can only list things; [email protected] >> can't add anything! >> >> Any ideas? >> _______________________________________________ >> cobbler mailing list >> [email protected] >> https://fedorahosted.org/mailman/listinfo/cobbler > > Guessing -- I believe your username in the bottom example is > [email protected], if that's what you logged in with, not pcompany. > > Was that it? > > --Michael > > > _______________________________________________ > cobbler mailing list > [email protected] > https://fedorahosted.org/mailman/listinfo/cobbler > _______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
