On 08/13/2009 12:23 PM, Paul Company wrote:
Guessing -- I believe your username in the bottom example is
[email protected],
if that's what you logged in with, not pcompany.
Was that it?
No, I can login as pcompany or [email protected] and neither works!
It has something to do with the httpd stanza.
If you diff the stanzas,
This works:
AuthType Basic
AuthName Cobbler
This does not:
AuthType Kerberos
AuthName "Kerberos Login"
KrbServiceName HTTP
Krb5Keytab /etc/httpd/conf.d/HTTP.keytab
KrbAuthRealms EXAMPLE.COM
I'm assuming the authz_ownership module receives the username from
somewhere and checks it against the user.conf file.
What passes the username to the authz_ownership module?
The username is the username you give to the login prompt.
And how do I debug that?
It's acting like [email protected] does not exist in user.conf.
That's because it doesn't exist in user.conf :)
# vi /etc/cobbler/users.conf
[admins]
admin = ""
cobbler = ""
pcompany = ""
:wq!
You will be able to login through anything Kerberos allows, though what you are
able to do is governed by users.conf.
Hence you have to edit the Apache file to reject users not in your ok list as
well.
--Michael
_______________________________________________
cobbler mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/cobbler
